Ansible private key fix (hopefully).

.gitea/workflows/pr-cloudflare-docker-deploy.yml

@@ -2,10 +2,13 @@ name: Gitea Branch PR, Cloudflare DNS, README generation, & Ansible/Docker Deplo
 on:
   push:
     branches-ignore:
-      - 'main'
+      - main
+    paths:
+      - '**.yaml'
+      - '**.yml'
+      - '**.j2'
 jobs:
   check-and-create-pr:
-    if: github.ref != 'refs/heads/main'
     name: Check and Create PR
     runs-on: ubuntu-latest
     steps:
@@ -25,19 +28,14 @@ jobs:
           uri: 'https://gitea.com/gitea/tea/releases/download/v0.9.2/tea-0.9.2-linux-amd64'
           name: 'tea'
           version: '0.9.2'
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: PR Check'
-          notification_message: 'Checking for existing PR... 🔍'
       - name: Check if open PR exists
         id: check-opened-pr-step
         continue-on-error: true
         run: |
           tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }}
+          tea pr list --repo ${{ github.repository }} --state all
           pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep ${{ github.ref_name }} | tail -1 | wc -l)
+          echo ${pr_exists}
           echo "exists=$pr_exists" >> $GITHUB_OUTPUT
       - name: Create PR
         if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }}
@@ -45,14 +43,7 @@ jobs:
           tea login default gitea-rinoa
           pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}')
           pr_index_new=$(expr ${pr_index_old} + 1)
-          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose, Ansible Configs.j2"
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: PR Check'
-          notification_message: 'PR Created 🎟️'
+          tea pr c -r ${{ github.repository }} -t "Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }}
   docker-compose-ansible-lints:
     name: Docker Compose & Ansible Lints
     needs: [check-and-create-pr]
@@ -60,7 +51,6 @@ jobs:
     env:
       VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
       VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_NAMESPACE: ""
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -79,19 +69,12 @@ jobs:
         uses: cpanato/vault-installer@main
       - name: Install hvac
         run: pip install hvac
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Starting Ansible dry run...'
       - name: Ansible Playbook Dry Run
         uses: dawidd6/action-ansible-playbook@v2
         with:
           directory: ansible/
           playbook: docker_config_deploy.yml
-          key: ${{ secrets.RINOA_ANSIBLE_PRIVATE_KEY }}
+          key: ${{secrets.RINOA_ANSIBLE_PRIVATE_SSH_KEY}}
           options: |
             --inventory inventory/hosts.yml
             --check
@@ -103,7 +86,7 @@ jobs:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Ansible Config Dry Run @ Rinoa'
-          notification_message: 'Ansible dry run completed successfully; starting Docker Compose'
+          notification_message: 'Ansible dry run completed successfully.'
       - name: Generate .env file for Docker Compose Dry Run
         run: |
           vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
@@ -170,7 +153,7 @@ jobs:
           gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Cloudflare Setup @ Rinoa'
-          notification_message: 'Starting Cloudflare DNS setup...'
+          notification_message: 'Starting Cloudflare setup'
       - name: Compare Subdomains
         id: compare-subdomains
         uses: LouisBrunner/diff-action@v2.2.0
@@ -224,13 +207,6 @@ jobs:
       #     modified_services=${egrep '^  [a-z]' changes.yml | sed -e 's|^  ||g' -e 's|:||g' | sed ':a;N;$!ba;s/\n/ /g'}
       #     echo "Modified services: $modified_services"
       #     echo "modified_services=$modified_services" >> $GITHUB_OUTPUT
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: README Update'
-          notification_message: 'Updating README...'
       - name: Generate service list
         run: |
           yq '.services | to_entries | map({"service": .key, "image": .value.image})' docker-compose.yml > services.yml
@@ -250,13 +226,6 @@ jobs:
         with:
           message: "chore: Update README"
           add: "README.md"
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: README Update'
-          notification_message: 'README updated'
   pr-merge:
     name: PR Merge
     needs: [regenerate-readme-modified-services]
@@ -287,7 +256,8 @@ jobs:
           notification_title: 'GITEA: PR Merge Successful'
           notification_message: 'PR #${{ steps.pr_merge.outputs.pr_index }} merged.'
   ansible-config-docker-compose-deploy:
-    name: Ansible Configs & Docker Compose Deployment
+    name: Deploy via Ansible & Docker Compose
+    timeout-minutes: 360
     runs-on: ubuntu-latest
     needs: [pr-merge]
     env:
@@ -311,21 +281,8 @@ jobs:
           version: "11.0.0"
       - name: Install Vault
         uses: cpanato/vault-installer@main
-      - name: Login to Gitea Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: http://192.168.1.254:3013
-          username: gitea-sonarqube-bot
-          password: ${{ secrets.BOT_GITEA_TOKEN }}
       - name: Install hvac
         run: pip install hvac
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
-          notification_message: 'Starting config deployment with Ansible.'
       - name: Deploy Docker Configs via Ansible
         uses: dawidd6/action-ansible-playbook@v2
         with:
@@ -343,24 +300,16 @@ jobs:
           gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
           notification_title: 'GITEA: Ansible Config Deployment @ Rinoa'
           notification_message: 'Deployment completed successfully.'
-      - name: Gotify Notification
-        uses: eikendev/gotify-action@master
-        with:
-          gotify_api_base: '${{ secrets.RINOA_GOTIFY_URL }}'
-          gotify_app_token: '${{ secrets.RINOA_RUNNER_GOTIFY_TOKEN }}'
-          notification_title: 'GITEA: Docker Compose Deployment @ Rinoa'
-          notification_message: 'Starting Docker Compose run...'
       - name: Generate .env file for deployment
         run: |
            vault kv get -format=json rinoa-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env
       - name: Docker Compose Deployment
         # if: ${{ steps.regenerate-readme-modified-services.outputs.modified_services != '' }}
-        timeout-minutes: 360
         continue-on-error: true
         uses: keatonLiu/docker-compose-remote-action@v1.2
         with:
           docker_compose_file: docker-compose.yml
-          docker_args: -d --remove-orphans --pull missing --no-recreate
+          docker_args: -d --remove-orphans --pull missing
           ssh_user: gitea-deploy
           ssh_host: 192.168.1.254
           ssh_host_public_key: ${{ secrets.RINOA_GITEA_PUBLIC_SSH_KEY }}

.gitea/workflows/vault-auto-unseal-flow.yml

@@ -1,28 +0,0 @@
-name: Auto-Unseal for Vault
-on:
-  schedule:
-    - cron: "30 2 * * *"
-jobs:
-  auto-unseal:
-    name: Unseal Vault
-    runs-on: ubuntu-latest
-    env:
-      VAULT_ADDR: ${{ secrets.RINOA_VAULT_ADDR }}
-      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
-      VAULT_SHARDS: |
-        ${{ secrets.VAULT_UNSEAL_SHARDS }}
-      VAULT_NAMESPACE: ""
-    steps:
-      - name: Cache Vault install
-        id: cache-vault
-        uses: actions/cache@v4
-        with:
-          path: /opt/hostedtoolcache/vault/1.18.0/x64
-          key: vault-${{ runner.os }}-1.18.0
-      - name: Install Vault
-        uses: cpanato/vault-installer@main
-      - name: Unseal Vault
-        run: |
-          for vault_shard in $(cat ${VAULT_SHARDS}); do
-            vault operator unseal -address=${VAULT_ADDR} -non-interactive "${vault_shard}"
-          done

.gitignore

@@ -1,4 +1,3 @@
 **/.cache_ggshield
 ansible/collections/ansible_collections/
-**/.env
-**/netbird_openid-configuration.json.j2
+**/.env

README.md

@@ -6,8 +6,6 @@
 | --- | --- |
 | actual_server | docker.io/actualbudget/actual-server:latest |
 | adguard | adguard/adguardhome:latest |
-| apprise-api | lscr.io/linuxserver/apprise-api:latest |
-| archivebox | archivebox/archivebox:latest |
 | audiobookshelf | ghcr.io/advplyr/audiobookshelf:latest |
 | authelia | authelia/authelia:master |
 | authelia-pg | postgres:16-alpine |
@@ -17,41 +15,41 @@
 | bitmagnet | ghcr.io/bitmagnet-io/bitmagnet:latest |
 | bitmagnet-pg-db | postgres:17-alpine |
 | bitwarden | vaultwarden/server:latest |
-| bluesky-pds | code.modernleft.org/gravityfargo/bluesky-pds:v0.4.98 |
+| bluesky-pds | ghcr.io/bluesky-social/pds:latest |
 | browserless | ghcr.io/browserless/chromium:latest |
-| bytebase | bytebase/bytebase:3.5.0 |
-| bytestash | ghcr.io/jordan-dalby/bytestash:latest |
 | castopod | castopod/castopod:latest |
 | cloudflared | cloudflare/cloudflared:latest |
 | cloudflareddns | ghcr.io/hotio/cloudflareddns:latest |
-| convertx | ghcr.io/c4illin/convertx |
 | cronicle | elestio/cronicle:latest |
 | crowdsec | crowdsecurity/crowdsec:latest |
 | crowdsec-dashboard | metabase/metabase |
-| cyber-chef | mpepping/cyberchef:latest |
 | czkawka | jlesage/czkawka |
-| dawarich-app | freikin/dawarich:latest |
-| dawarich-pg-db | postgis/postgis:17-3.5-alpine |
-| dawarich-sidekiq | freikin/dawarich:latest |
+| dbgate | dbgate/dbgate:alpine |
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
-| docker-volume-backup | offen/docker-volume-backup:v2 |
+| docuseal | docuseal/docuseal:latest |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
-| explo | ghcr.io/lumepart/explo:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
 | ghost | ghost:latest |
 | gitea | gitea/gitea:1.23.1 |
 | gitea-db | postgres:14 |
+| gitea-opengist | ghcr.io/thomiceli/opengist:latest |
 | gitea-runner | gitea/act_runner:latest |
 | gitea-sonarqube-bot | justusbunsi/gitea-sonarqube-bot:v0.4.0 |
 | gluetun | qmcgaw/gluetun:latest |
 | gotify | gotify/server |
-| graylog | graylog/graylog:6.1 |
-| graylog-datanode | graylog/graylog-datanode:6.1 |
+| grafana | grafana/grafana-enterprise:latest |
+| grafana-alloy | grafana/alloy:latest |
+| grafana-loki | grafana/loki:latest |
+| grafana-mimir | grafana/mimir:latest |
+| grafana-mimir-memcached | memcached |
+| grafana-pyroscope | grafana/pyroscope:latest |
+| grafana-tempo | grafana/tempo:latest |
 | guacamole | flcontainers/guacamole:latest |
 | homepage | ghcr.io/gethomepage/homepage:latest |
-| hugo | hugomods/hugo:exts-0.145.0 |
+| hortusfox | ghcr.io/danielbrendel/hortusfox-web:latest |
+| hugo | hugomods/hugo:exts |
 | immich-server | ghcr.io/immich-app/immich-server:release |
 | immich-machine-learning | ghcr.io/immich-app/immich-machine-learning:release |
 | immich-pg-db | tensorchord/pgvecto-rs:pg14-v0.2.1 |
@@ -59,8 +57,9 @@
 | immich-power-tools | ghcr.io/varun-raj/immich-power-tools:latest |
 | influxdb2 | influxdb:2-alpine |
 | invidious | quay.io/invidious/invidious:latest |
-| invidious-sig-helper | quay.io/invidious/inv-sig-helper:latest |
 | invidious-db | docker.io/library/postgres:14 |
+| invoice-ninja | invoiceninja/invoiceninja-debian:5 |
+| invoice-ninja_proxy | nginx |
 | it-tools | ghcr.io/corentinth/it-tools:latest |
 | jellyfin | jellyfin/jellyfin |
 | jitsi-etherpad | etherpad/etherpad:1.8.6 |
@@ -72,37 +71,37 @@
 | jitsi-web | jitsi/web:stable |
 | joplin-db | postgres:17-alpine |
 | joplin | joplin/server:latest |
-| librechat-api | ghcr.io/danny-avila/librechat-dev:latest |
-| librechat-vectordb | ankane/pgvector:latest |
-| librechat-rag-api | ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest |
-| libretranslate | libretranslate/libretranslate |
 | lidarr | lscr.io/linuxserver/lidarr:latest |
 | lidify | thewicklowwolf/lidify:latest |
-| linkstack | linkstackorg/linkstack:latest |
 | lldap | lldap/lldap:stable |
-| loggifly | ghcr.io/clemcer/loggifly:latest |
 | maloja | krateng/maloja:latest |
-| manyfold | lscr.io/linuxserver/manyfold:latest |
 | mariadb | linuxserver/mariadb |
 | mastodon | lscr.io/linuxserver/mastodon:latest |
 | mastodon-pg-db | postgres:17-alpine |
-| meilisearch | getmeili/meilisearch:v1.12.3 |
 | minio | minio/minio |
-| mixpost | inovector/mixpost:latest |
 | mongodb | bitnami/mongodb:7.0 |
 | multi-scrobbler | foxxmd/multi-scrobbler |
 | n8n | docker.n8n.io/n8nio/n8n |
 | navidrome | deluan/navidrome:latest |
 | netalertx | jokobsk/netalertx:latest |
+| netbird-dashboard | netbirdio/dashboard:latest |
+| netbird-signal | netbirdio/signal:latest |
+| netbird-relay | netbirdio/relay:latest |
+| netbird-management | netbirdio/management:latest |
+| netbird-coturn | coturn/coturn:latest |
 | nextcloud | nextcloud/all-in-one:latest |
 | ollama | ollama/ollama |
 | ombi | lscr.io/linuxserver/ombi:latest |
-| omni-tools | iib0011/omni-tools:latest |
+| open-webui | ghcr.io/open-webui/open-webui:main |
 | paperless-ngx | ghcr.io/paperless-ngx/paperless-ngx:latest |
+| parseable | containers.parseable.com/parseable/parseable:latest |
 | pgbackweb | eduardolat/pgbackweb:latest |
 | pgbackweb-db | postgres:16-alpine |
 | plantuml-server | plantuml/plantuml-server:jetty |
-| portainer | portainer/portainer-ce:alpine |
+| plausible | ghcr.io/plausible/community-edition:v2.1.0 |
+| plausible_db | postgres:16-alpine |
+| plausible_events_db | clickhouse/clickhouse-server:24.3.3.102-alpine |
+| portainer | portainer/portainer-ce:alpine-sts |
 | portall | need4swede/portall:latest |
 | postal-smtp | ghcr.io/postalserver/postal:latest |
 | postal-web | ghcr.io/postalserver/postal:latest |
@@ -121,24 +120,40 @@
 | scraperr-api | jpyles0524/scraperr_api:latest |
 | scrutiny | ghcr.io/analogj/scrutiny:master-omnibus |
 | searxng | searxng/searxng:latest |
-| semaphore | semaphoreui/semaphore:v2.12.14 |
 | sonarqube | mc1arke/sonarqube-with-community-branch-plugin:lts |
 | sonarqube-pg-db | postgres:17-alpine |
 | sonarr | lscr.io/linuxserver/sonarr:latest |
 | sonashow | thewicklowwolf/sonashow:latest |
+| soularr | mrusse08/soularr:latest |
+| soulseek | slskd/slskd |
+| sourcebot | ghcr.io/sourcebot-dev/sourcebot:latest |
 | speedtest-tracker | lscr.io/linuxserver/speedtest-tracker:latest |
-| stable-diffusion-download | git.trez.wtf/trez.one/stable-diffusion-download:v9.0.0 |
-| stable-diffusion-webui | git.trez.wtf/trez.one/stable-diffusion-ui:v9.0.1 |
-| stirling-pdf | docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest |
+| spotisub | blastbeng/spotisub:latest |
 | swag | lscr.io/linuxserver/swag:latest |
 | tandoor | vabene1111/recipes |
 | tandoor-pg | postgres:16-alpine |
+| traccar | traccar/traccar:latest |
+| traccar-pg | postgres:16-alpine |
 | unmanic | josh5/unmanic:latest |
 | uptimekuma | louislam/uptime-kuma:latest |
 | vault | hashicorp/vault:latest |
+| vector | timberio/vector:0.44.0-alpine |
 | wallabag | wallabag/wallabag |
 | wallos | bellamy/wallos:latest |
 | watchtower | ghcr.io/containrrr/watchtower:latest |
 | web-check | lissy93/web-check |
+| your_spotify | lscr.io/linuxserver/your_spotify:latest |
 | youtubedl | nbr23/youtube-dl-server:latest |
+| zammad-backup | postgres: |
+| zammad-elasticsearch | bitnami/elasticsearch: |
+| zammad-init | : |
+| zammad-memcached | memcached: |
+| zammad-nginx | : |
+| zammad-postgresql | postgres: |
+| zammad-railsserver | : |
+| zammad-redis | redis: |
+| zammad-scheduler | : |
+| zammad-websocket | : |
+| zitadel | ghcr.io/zitadel/zitadel:latest |
+| zitadel-pg-db | postgres:16-alpine |
 

ansible/app-configs/apprise_apprise.yml.j2

@@ -1,6 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-urls:
-  - gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}
-  - mailtos://{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}@trez.wtf25?smtp=postal-smtp&from=noreply@trez.wtf

ansible/app-configs/authelia_configuration.yml.j2

@@ -1,172 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-# yaml-language-server: $schema=https://www.authelia.com/schemas/latest/json-schema/configuration.json
----
-theme: auto
-default_2fa_method: "totp"
-server:
-  address: '0.0.0.0:9091'
-  endpoints:
-    enable_pprof: false
-    enable_expvars: false
-  disable_healthcheck: false
-  tls:
-    key: ""
-    certificate: ""
-    client_certificates: []
-  headers:
-    csp_template: ""
-log:
-  level: debug
-telemetry:
-  metrics:
-    enabled: true
-    address: tcp://0.0.0.0:9959
-totp:
-  disable: false
-  issuer: authelia.com
-  algorithm: sha256
-  digits: 6
-  period: 30
-  skew: 1
-  secret_size: 32
-webauthn:
-  disable: false
-  timeout: 60s
-  display_name: Authelia
-  attestation_conveyance_preference: indirect
-  selection_criteria:
-    user_verification: preferred
-ntp:
-  address: "time.cloudflare.com:123"
-  version: 4
-  max_desync: 3s
-  disable_startup_check: false
-  disable_failure: false
-authentication_backend:
-  password_reset:
-    disable: false
-    custom_url: ""
-  ldap:
-    implementation: custom
-    address: ldap://lldap:3890
-    timeout: 5s
-    start_tls: false
-    base_dn: dc=trez,dc=wtf
-    additional_users_dn: ou=people
-    users_filter: "(&({username_attribute}={input})(objectClass=person))"
-    additional_groups_dn: ou=groups
-    groups_filter: "(member={dn})"
-    attributes:
-      username: uid
-      group_name: cn
-      mail: mail
-      display_name: displayName
-    user: uid=authelia,ou=people,dc=trez,dc=wtf
-    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_AUTH_BIND_LDAP_PASSWORD'] }}'
-  refresh_interval: 5m
-identity_validation:
-  reset_password:
-    jwt_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_JWT_SECRET'] }}'
-password_policy:
-  standard:
-    enabled: true
-    min_length: 8
-    max_length: 0
-    require_uppercase: true
-    require_lowercase: true
-    require_number: true
-    require_special: false
-  zxcvbn:
-    enabled: false
-    min_score: 3
-access_control:
-  default_policy: deny
-  networks:
-    - name: 'internal'
-      networks:
-        - '172.17.0.0/16'
-        - '172.18.0.0/16'
-        - '192.168.1.0/24'
-  rules:
-    - domain_regex:
-      - '^trez.wtf$'
-      - ^www.trez.wtf$''
-      policy: bypass
-    - domain: '*.trez.wtf'
-      policy: bypass
-      networks:
-        - 'internal'
-    - domain: '*.trez.wtf'
-      policy: one_factor
-      subject:
-      - ['user:the.trezured.one']
-session:
-  name: authelia_session
-  secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_SESSION_SECRET'] }}'
-  expiration: 1h
-  inactivity: 5m
-  remember_me: 1M
-  cookies:
-    - domain: 'trez.wtf'
-      authelia_url: 'https://auth.trez.wtf'
-  redis:
-    host: redis
-    port: 6379
-storage:
-  encryption_key: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_ENCRYPTION_KEY'] }}'
-  postgres:
-    address: 'tcp://authelia-pg:5432'
-    database: authelia
-    username: authelia
-    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_STORAGE_POSTGRES_PASSWORD'] }}'
-    timeout: '5s'
-regulation:
-  max_retries: 3
-  find_time: 2m
-  ban_time: 5m
-notifier:
-  disable_startup_check: true
-  smtp:
-    address: 'smtp://postal-smtp:25'
-    timeout: '5s'
-    username: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}'
-    password: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}'
-    sender: "Authelia <noreply@trez.wtf>"
-    identifier: 'localhost'
-    subject: "[Authelia] {title}"
-    startup_check_address: 'test@authelia.com'
-    disable_require_tls: true
-    disable_starttls: true
-    disable_html_emails: false
-identity_providers:
-  oidc:
-    hmac_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_OIDC_HMAC_SECRET'] }}'
-    jwks:
-      - key: |
-          {{ lookup("community.hashi_vault.vault_kv2_get", "env", engine_mount_point="rinoa-docker", url=vault_addr, token=vault_token_cleaned)["secret"]["AUTHELIA_OIDC_JWKS_KEY"] | replace("\\n", "\n") | indent(10) }}
-    cors:
-      allowed_origins_from_client_redirect_uris: true
-      endpoints:
-        - 'userinfo'
-        - 'authorization'
-        - 'token'
-        - 'revocation'
-        - 'introspection'
-    clients:
-      - client_id: 'netbird'
-        client_name: 'NetBird'
-        client_secret: '{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}'
-        public: false
-        authorization_policy: 'two_factor'
-        redirect_uris:
-          - 'https://vpn.trez.wtf/peers'
-          - 'https://vpn.trez.wtf/add-peers'
-          - 'http://localhost'
-        scopes:
-          - 'openid'
-          - 'email'
-          - 'profile'
-        userinfo_signed_response_alg: 'none'
-        token_endpoint_auth_method: 'client_secret_post'

ansible/app-configs/crowdsec_local-api-credentials.yaml.j2

@@ -1,6 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-url: http://0.0.0.0:8080
-login: localhost
-password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['CROWDSEC_LOCAL_API_KEY'] }}

ansible/app-configs/ghost_config.production.json.j2

@@ -1,42 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-{
-  "url": "blog.trez.wtf",
-  "database": {
-    "client": "mysql",
-    "connection": {
-      "host"     : "mariadb",
-      "port"     : 3306,
-      "user"     : "ghost",
-      "password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GHOST_DB_PASSWORD'] }}",
-      "database" : "ghost_db"
-    }
-  },
-  "mail": {
-    "from": "'Ghost @ Rinoa' <noreply@trez.wtf>",
-    "transport": "SMTP",
-    "options": {
-      "host": "postal-smtp",
-      "port": 25,
-      "secure": false,
-      "auth": {
-        "user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}",
-        "pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
-      }
-    }
-  },
-  "paths": {
-    "contentPath": "content/"
-  },
-  "privacy": {
-    "useGravatar": true
-  },
-  "logging": {
-    "level": "info",
-    "rotation": {
-      "enabled": true
-    },
-    "transports": ["file"]
-  }
-}

ansible/app-configs/gitea_act-runner_config.yaml.j2

@@ -0,0 +1,101 @@
+# Example configuration file, it's safe to copy this as the default config file without any modification.
+
+# You don't have to copy this file to your instance,
+# just run `./act_runner generate-config > config.yaml` to generate a config file.
+
+log:
+  # The level of logging, can be trace, debug, info, warn, error, fatal
+  level: info
+
+runner:
+  # Where to store the registration result.
+  file: .runner
+  # Execute how many tasks concurrently at the same time.
+  capacity: 2
+  # Extra environment variables to run jobs.
+  envs:
+    A_TEST_ENV_NAME_1: a_test_env_value_1
+    A_TEST_ENV_NAME_2: a_test_env_value_2
+  # Extra environment variables to run jobs from a file.
+  # It will be ignored if it's empty or the file doesn't exist.
+  env_file: .env
+  # The timeout for a job to be finished.
+  # Please note that the Gitea instance also has a timeout (3h by default) for the job.
+  # So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
+  timeout: 3h
+  # The timeout for the runner to wait for running jobs to finish when shutting down.
+  # Any running jobs that haven't finished after this timeout will be cancelled.
+  shutdown_timeout: 0s
+  # Whether skip verifying the TLS certificate of the Gitea instance.
+  insecure: false
+  # The timeout for fetching the job from the Gitea instance.
+  fetch_timeout: 5s
+  # The interval for fetching the job from the Gitea instance.
+  fetch_interval: 2s
+  # The labels of a runner are used to determine which jobs the runner can run, and how to run them.
+  # Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+  # Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
+  # If it's empty when registering, it will ask for inputting labels.
+  # If it's empty when execute `daemon`, will use labels in `.runner` file.
+  labels:
+    - "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
+    - "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
+    - "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
+
+cache:
+  # Enable cache server to use actions/cache.
+  enabled: true
+  # The directory to store the cache data.
+  # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
+  dir: ""
+  # The host of the cache server.
+  # It's not for the address to listen, but the address to connect from job containers.
+  # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
+  host: "192.168.1.254"
+  # The port of the cache server.
+  # 0 means to use a random available port.
+  port: 63604
+  # The external cache server URL. Valid only when enable is true.
+  # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
+  # The URL should generally end with "/".
+  external_server: ""
+
+container:
+  # Specifies the network to which the container will connect.
+  # Could be host, bridge or the name of a custom network.
+  # If it's empty, act_runner will create a network automatically.
+  network: "compose_default"
+  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
+  privileged: false
+  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
+  options:
+  # The parent directory of a job's working directory.
+  # NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically. 
+  # If the path starts with '/', the '/' will be trimmed.
+  # For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
+  # If it's empty, /workspace will be used.
+  workdir_parent:
+  # Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
+  # You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
+  # For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
+  # valid_volumes:
+  #   - data
+  #   - /src/*.json
+  # If you want to allow any volume, please use the following configuration:
+  # valid_volumes:
+  #   - '**'
+  valid_volumes: []
+  # overrides the docker client host with the specified one.
+  # If it's empty, act_runner will find an available docker host automatically.
+  # If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
+  # If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
+  docker_host: ""
+  # Pull docker image(s) even if already present
+  force_pull: false
+  # Rebuild docker image(s) even if already present
+  force_rebuild: false
+
+host:
+  # The parent directory of a job's working directory.
+  # If it's empty, $HOME/.cache/act/ will be used.
+  workdir_parent:

ansible/app-configs/homepage_settings.yaml.j2

@@ -11,10 +11,10 @@ providers:
 title: Rinoa Dashboard (trez.WTF)
 headerStyle: underlined
 color: slate
-showStats: false
+showStats: true
 statusStyle: "dot"
 favicon: /icons/favicon.ico
-useEqualHeights: true
+useEqualHeights: false
 hideErrors: false
 searchDescriptions: true
 showSearchSuggestions: true
@@ -24,6 +24,7 @@ layout:
   System Administration:
     style: row
     columns: 4
+    # fiveColumns: true
   Infrastructure/App Performance Monitoring:
     style: row
     columns: 3
@@ -32,25 +33,28 @@ layout:
     columns: 3
   Social:
     style: row
-    columns: 4
+    columns: 3
   Lifestyle:
     style: row
     columns: 3
   Automation:
-    style: row
-    columns: 5
+    style: columns
+    row: 2
   Privacy/Security:
+    style: columns
+    row: 5
+  Personal Services:
     style: row
-    columns: 5
-  Personal/Professional Services:
+    columns: 4
+  Professional Services:
     style: row
-    columns: 5
+    columns: 3
   Servarr Stack:
     style: row
     columns: 3
   Downloaders:
     style: row
-    columns: 2
+    columns: 3
   Media Library:
     style: row
-    columns: 4
+    columns: 3

ansible/app-configs/invidious_config.yml.j2

@@ -1,949 +0,0 @@
-#########################################
-#
-#  Database and other external servers
-#
-#########################################
-
-##
-## Database configuration with separate parameters.
-## This setting is MANDATORY, unless 'database_url' is used.
-##
-db:
-  user: kemal
-  host: invidious-db
-  port: 5432
-  dbname: invidious
-  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PG_DB_PASSWORD'] }}
-
-##
-## Database configuration using a single URI. This is an
-## alternative to the 'db' parameter above. If both forms
-## are used, then only database_url is used.
-## This setting is MANDATORY, unless 'db' is used.
-##
-## Note: The 'database_url' setting allows the use of UNIX
-## sockets. To do so, remove the IP address (or FQDN) and port
-## and append the 'host' parameter. E.g:
-##   postgres://kemal:kemal@/invidious?host=/var/run/postgresql
-##
-## Accepted values: a postgres:// URI
-## Default: postgres://kemal:kemal@localhost:5432/invidious
-##
-#database_url: postgres://kemal:kemal@localhost:5432/invidious
-
-##
-## Enable automatic table integrity check. This will create
-## the required tables and columns if anything is missing.
-##
-## Accepted values: true, false
-## Default: false
-##
-check_tables: true
-
-
-##
-## Path to an external signature resolver, used to emulate
-## the Youtube client's Javascript. If no such server is
-## available, some videos will not be playable.
-##
-## When this setting is commented out, no external
-## resolver will be used.
-##
-## Accepted values: a path to a UNIX socket or "<IP>:<Port>"
-## Default: <none>
-##
-signature_server: invidious-sig-helper:12999
-
-
-#########################################
-#
-#  Server config
-#
-#########################################
-
-# -----------------------------
-#  Network (inbound)
-# -----------------------------
-
-##
-## Port to listen on for incoming connections.
-##
-## Note: Ports lower than 1024 requires either root privileges
-## (not recommended) or the "CAP_NET_BIND_SERVICE" capability
-## (See https://stackoverflow.com/a/414258 and `man capabilities`)
-##
-## Accepted values: 1-65535
-## Default: 3000
-##
-#port: 3000
-
-##
-## When the invidious instance is behind a proxy, and the proxy
-## listens on a different port than the instance does, this lets
-## invidious know about it. This is used to craft absolute URLs
-## to the instance (e.g in the API).
-##
-## Note: This setting is MANDATORY if invidious is behind a
-## reverse proxy.
-##
-## Accepted values: 1-65535
-## Default: <none>
-##
-#external_port:
-
-##
-## Interface address to listen on for incoming connections.
-##
-## Accepted values: a valid IPv4 or IPv6 address.
-## default: 0.0.0.0  (listen on all interfaces)
-##
-#host_binding: 0.0.0.0
-
-##
-## Domain name under which this instance is hosted. This is
-## used to craft absolute URLs to the instance (e.g in the API).
-## The domain MUST be defined if your instance is accessed from
-## a domain name (like 'example.com').
-##
-## Accepted values: a fully qualified domain name (FQDN)
-## Default: <none>
-##
-# domain:
-
-##
-## Tell Invidious that it is behind a proxy that provides only
-## HTTPS, so all links must use the https:// scheme. This
-## setting MUST be set to true if invidious is behind a
-## reverse proxy serving HTTPs.
-##
-## Accepted values: true, false
-## Default: false
-##
-https_only: false
-
-##
-## Enable/Disable 'Strict-Transport-Security'. Make sure that
-## the domain specified under 'domain' is served securely.
-##
-## Accepted values: true, false
-## Default: true
-##
-#hsts: true
-
-
-# -----------------------------
-#  Network (outbound)
-# -----------------------------
-
-##
-## Disable proxying server-wide. Can be disable as a whole, or
-## only for a single function.
-##
-## Accepted values: true, false, dash, livestreams, downloads, local
-## Default: false
-##
-#disable_proxy: false
-
-##
-## Size of the HTTP pool used to connect to youtube. Each
-## domain ('youtube.com', 'ytimg.com', ...) has its own pool.
-##
-## Accepted values: a positive integer
-## Default: 100
-##
-#pool_size: 100
-
-
-##
-## Additional cookies to be sent when requesting the youtube API.
-##
-## Accepted values: a string in the format "name1=value1; name2=value2..."
-## Default: <none>
-##
-#cookies:
-
-##
-## Force connection to youtube over a specific IP family.
-##
-## Note: This may sometimes resolve issues involving rate-limiting.
-## See https://github.com/ytdl-org/youtube-dl/issues/21729.
-##
-## Accepted values: ipv4, ipv6
-## Default: <none>
-##
-#force_resolve:
-
-##
-## Configuration for using a HTTP proxy
-##
-## If unset, then no HTTP proxy will be used.
-## 
-#http_proxy:
-#  user:
-#  password:
-#  host:
-#  port:
-
-
-##
-## Use Innertube's transcripts API instead of timedtext for closed captions
-##
-## Useful for larger instances as InnerTube is **not ratelimited**. See https://github.com/iv-org/invidious/issues/2567
-##
-## Subtitle experience may differ slightly on Invidious.
-##
-## Accepted values: true, false
-## Default: false
-##
-# use_innertube_for_captions: false
-
-##
-## Send Google session informations. This is useful when Invidious is blocked
-## by the message "This helps protect our community."
-## See https://github.com/iv-org/invidious/issues/4734.
-##
-## Warning: These strings gives much more identifiable information to Google!
-##
-## Accepted values: String
-## Default: <none>
-##
-po_token: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_PO_TOKEN'] }}
-visitor_data: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_VISITOR_DATA'] }}
-
-# -----------------------------
-#  Logging
-# -----------------------------
-
-##
-## Path to log file. Can be absolute or relative to the invidious
-## binary. This is overridden if "-o OUTPUT" or "--output=OUTPUT"
-## are passed on the command line.
-##
-## Accepted values: a filesystem path or 'STDOUT'
-## Default: STDOUT
-##
-#output: STDOUT
-
-##
-## Logging Verbosity. This is overridden if "-l LEVEL" or
-## "--log-level=LEVEL" are passed on the command line.
-##
-## Accepted values: All, Trace, Debug, Info, Warn, Error, Fatal, Off
-## Default: Info
-##
-#log_level: Info
-
-##
-## Enables colors in logs. Useful for debugging purposes
-## This is overridden if "-k" or "--colorize"
-## are passed on the command line.
-## Colors are also disabled if the environment variable
-## NO_COLOR is present and has any value
-##
-## Accepted values: true, false
-## Default: true
-##
-#colorize_logs: false
-
-# -----------------------------
-#  Features
-# -----------------------------
-
-##
-## Enable/Disable the "Popular" tab on the main page.
-##
-## Accepted values: true, false
-## Default: true
-##
-#popular_enabled: true
-
-##
-## Enable/Disable statstics (available at /api/v1/stats).
-## The following data is available:
-##   - Software name ("invidious") and version+branch (same data as
-##     displayed in the footer, e.g: "2021.05.13-75e5b49" / "master")
-##   - The value of the 'registration_enabled' config (true/false)
-##   - Number of currently registered users
-##   - Number of registered users who connected in the last month
-##   - Number of registered users who connected in the last 6 months
-##   - Timestamp of the last server restart
-##   - Timestamp of the last "Channel Refresh" job execution
-##
-## Warning: This setting MUST be set to true if you plan to run
-## a public instance. It is used by api.invidious.io to refresh
-## your instance's status.
-##
-## Accepted values: true, false
-## Default: false
-##
-#statistics_enabled: false
-
-
-# -----------------------------
-#  Users and accounts
-# -----------------------------
-
-##
-## Allow/Forbid Invidious (local) account creation. Invidious
-## accounts allow users to subscribe to channels and to create
-## playlists without a Google account.
-##
-## Accepted values: true, false
-## Default: true
-##
-#registration_enabled: true
-
-##
-## Allow/Forbid users to log-in.
-##
-## Accepted values: true, false
-## Default: true
-##
-#login_enabled: true
-
-##
-## Enable/Disable the captcha challenge on the login page.
-##
-## Note: this is a basic captcha challenge that doesn't
-## depend on any third parties.
-##
-## Accepted values: true, false
-## Default: true
-##
-#captcha_enabled: true
-
-##
-## List of usernames that will be granted administrator rights.
-## A user with administrator rights will be able to change the
-## server configuration options listed below in /preferences,
-## in addition to the usual user preferences.
-##
-## Server-wide settings:
-##   - popular_enabled
-##   - captcha_enabled
-##   - login_enabled
-##   - registration_enabled
-##   - statistics_enabled
-## Default user preferences:
-##   - default_home
-##   - feed_menu
-##
-## Accepted values: an array of strings
-## Default: [""]
-##
-#admins: [""]
-
-##
-## Enable/Disable the user notifications for all users
-##
-## Note: On large instances, it is recommended to set this option to 'false'
-## in order to reduce the amount of data written to the database, and hence
-## improve the overall performance of the instance.
-##
-## Accepted values: true, false
-## Default: true
-##
-#enable_user_notifications: true
-
-# -----------------------------
-#  Background jobs
-# -----------------------------
-
-##
-## Number of threads to use when crawling channel videos (during
-## subscriptions update).
-##
-## Notes: This setting is overridden if either "-c THREADS" or
-## "--channel-threads=THREADS" is passed on the command line.
-##
-## Accepted values: a positive integer
-## Default: 1
-##
-channel_threads: 1
-
-##
-## Time interval between two executions of the job that crawls
-## channel videos (subscriptions update).
-##
-## Accepted values: a valid time interval (like 1h30m or 90m)
-## Default: 30m
-##
-#channel_refresh_interval: 30m
-
-##
-## Forcefully dump and re-download the entire list of uploaded
-## videos when crawling channel (during subscriptions update).
-##
-## Accepted values: true, false
-## Default: false
-##
-full_refresh: false
-
-##
-## Number of threads to use when updating RSS feeds.
-##
-## Notes: This setting is overridden if either "-f THREADS" or
-## "--feed-threads=THREADS" is passed on the command line.
-##
-## Accepted values: a positive integer
-## Default: 1
-##
-feed_threads: 1
-
-
-jobs:
-
-  ## Options for the database cleaning job
-  clear_expired_items:
-
-    ## Enable/Disable job
-    ##
-    ## Accepted values: true, false
-    ## Default: true
-    ##
-    enable: true
-
-  ## Options for the channels updater job
-  refresh_channels:
-
-    ## Enable/Disable job
-    ##
-    ## Accepted values: true, false
-    ## Default: true
-    ##
-    enable: true
-
-  ## Options for the RSS feeds updater job
-  refresh_feeds:
-
-    ## Enable/Disable job
-    ##
-    ## Accepted values: true, false
-    ## Default: true
-    ##
-    enable: true
-
-
-# -----------------------------
-#  Miscellaneous
-# -----------------------------
-
-##
-## custom banner displayed at the top of every page. This can
-## used for instance announcements, e.g.
-##
-## Accepted values: any string. HTML is accepted.
-## Default: <none>
-##
-#banner:
-
-##
-## Subscribe to channels using PubSubHub (Google PubSubHubbub service).
-## PubSubHub allows Invidious to be instantly notified when a new video
-## is published on any subscribed channels. When PubSubHub is not used,
-## Invidious will check for new videos every minute.
-##
-## Note: This setting is recommended for public instances.
-##
-## Note 2:
-##  - Requires a public instance (it uses /feed/webhook/v1)
-##  - Requires 'domain' and 'hmac_key' to be set.
-##  - Setting this parameter to any number greater than zero will
-##    enable channel subscriptions via PubSubHub, but will limit the
-##    amount of concurrent subscriptions.
-##
-## Accepted values: true, false, a positive integer
-## Default: false
-##
-#use_pubsub_feeds: false
-
-##
-## HMAC signing key used for CSRF tokens, cookies and pubsub
-## subscriptions verification.
-##
-## Note: This parameter is mandatory and should be a random string.
-## Such random string can be generated on linux with the following
-## command: `pwgen 20 1`
-##
-## Accepted values: a string
-## Default: <none>
-##
-hmac_key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['INVID_HMAC_KEY'] }}
-
-##
-## List of video IDs where the "download" widget must be
-## disabled, in order to comply with DMCA requests.
-##
-## Accepted values: an array of string
-## Default: <none>
-##
-#dmca_content:
-
-##
-## Cache video annotations in the database.
-##
-## Warning: empty annotations or annotations that only contain
-## cards won't be cached.
-##
-## Accepted values: true, false
-## Default: false
-##
-#cache_annotations: false
-
-##
-## Source code URL. If your instance is running a modified source
-## code, you MUST publish it somewhere and set this option.
-##
-## Accepted values: a string
-## Default: <none>
-##
-#modified_source_code_url: ""
-
-##
-## Maximum custom playlist length limit.
-##
-## Accepted values: Integer
-## Default: 500
-##
-#playlist_length_limit: 500
-
-#########################################
-#
-#  Default user preferences
-#
-#########################################
-
-##
-## NOTE: All the settings below define the default user
-## preferences. They will apply to ALL users connecting
-## without a preferences cookie (so either on the first
-## connection to the instance or after clearing the
-## browser's cookies).
-##
-
-default_user_preferences:
-
-  # -----------------------------
-  #  Internationalization
-  # -----------------------------
-
-  ##
-  ## Default user interface language (locale).
-  ##
-  ## Note: When hosting a public instance, overriding the
-  ## default (english) is not recommended, as it may
-  ## people using other languages.
-  ##
-  ## Accepted values:
-  ##   ar      (Arabic)
-  ##   da      (Danish)
-  ##   de      (German)
-  ##   en-US   (english, US)
-  ##   el      (Greek)
-  ##   eo      (Esperanto)
-  ##   es      (Spanish)
-  ##   fa      (Persian)
-  ##   fi      (Finnish)
-  ##   fr      (French)
-  ##   he      (Hebrew)
-  ##   hr      (Hungarian)
-  ##   id      (Indonesian)
-  ##   is      (Icelandic)
-  ##   it      (Italian)
-  ##   ja      (Japanese)
-  ##   nb-NO   (Norwegian, Bokmål)
-  ##   nl      (Dutch)
-  ##   pl      (Polish)
-  ##   pt-BR   (Portuguese, Brazil)
-  ##   pt-PT   (Portuguese, Portugal)
-  ##   ro      (Romanian)
-  ##   ru      (Russian)
-  ##   sv      (Swedish)
-  ##   tr      (Turkish)
-  ##   uk      (Ukrainian)
-  ##   zh-CN   (Chinese, China)  (a.k.a "Simplified Chinese")
-  ##   zh-TW   (Chinese, Taiwan) (a.k.a "Traditional Chinese")
-  ##
-  ## Default: en-US
-  ##
-  #locale: en-US
-
-  ##
-  ## Default geographical location for content.
-  ##
-  ## Accepted values:
-  ##   AE, AR, AT, AU, AZ, BA, BD, BE, BG, BH, BO, BR, BY, CA, CH, CL, CO, CR,
-  ##   CY, CZ, DE, DK, DO, DZ, EC, EE, EG, ES, FI, FR, GB, GE, GH, GR, GT, HK,
-  ##   HN, HR, HU, ID, IE, IL, IN, IQ, IS, IT, JM, JO, JP, KE, KR, KW, KZ, LB,
-  ##   LI, LK, LT, LU, LV, LY, MA, ME, MK, MT, MX, MY, NG, NI, NL, NO, NP, NZ,
-  ##   OM, PA, PE, PG, PH, PK, PL, PR, PT, PY, QA, RO, RS, RU, SA, SE, SG, SI,
-  ##   SK, SN, SV, TH, TN, TR, TW, TZ, UA, UG, US, UY, VE, VN, YE, ZA, ZW
-  ##
-  ## Default: US
-  ##
-  #region: US
-
-  ##
-  ## Top 3 preferred languages for video captions.
-  ##
-  ## Note: overriding the default (no preferred
-  ## caption language) is not recommended, in order
-  ## to not penalize people using other languages.
-  ##
-  ## Accepted values: a three-entries array.
-  ## Each entry can be one of:
-  ##   "English", "English (auto-generated)",
-  ##   "Afrikaans", "Albanian", "Amharic", "Arabic",
-  ##   "Armenian", "Azerbaijani", "Bangla", "Basque",
-  ##   "Belarusian", "Bosnian", "Bulgarian", "Burmese",
-  ##   "Catalan", "Cebuano", "Chinese (Simplified)",
-  ##   "Chinese (Traditional)", "Corsican", "Croatian",
-  ##   "Czech", "Danish", "Dutch", "Esperanto", "Estonian",
-  ##   "Filipino", "Finnish", "French", "Galician", "Georgian",
-  ##   "German", "Greek", "Gujarati", "Haitian Creole", "Hausa",
-  ##   "Hawaiian", "Hebrew", "Hindi", "Hmong", "Hungarian",
-  ##   "Icelandic", "Igbo", "Indonesian", "Irish", "Italian",
-  ##   "Japanese", "Javanese", "Kannada", "Kazakh", "Khmer",
-  ##   "Korean", "Kurdish", "Kyrgyz", "Lao", "Latin", "Latvian",
-  ##   "Lithuanian", "Luxembourgish", "Macedonian",
-  ##   "Malagasy", "Malay", "Malayalam", "Maltese", "Maori",
-  ##   "Marathi", "Mongolian", "Nepali", "Norwegian Bokmål",
-  ##   "Nyanja", "Pashto", "Persian", "Polish", "Portuguese",
-  ##   "Punjabi", "Romanian", "Russian", "Samoan",
-  ##   "Scottish Gaelic", "Serbian", "Shona", "Sindhi",
-  ##   "Sinhala", "Slovak", "Slovenian", "Somali",
-  ##   "Southern Sotho", "Spanish", "Spanish (Latin America)",
-  ##   "Sundanese",  "Swahili", "Swedish", "Tajik", "Tamil",
-  ##   "Telugu", "Thai", "Turkish", "Ukrainian", "Urdu",
-  ##   "Uzbek", "Vietnamese", "Welsh", "Western Frisian",
-  ##   "Xhosa", "Yiddish", "Yoruba", "Zulu"
-  ##
-  ## Default: ["", "", ""]
-  ##
-  #captions: ["", "", ""]
-
-
-  # -----------------------------
-  #  Interface
-  # -----------------------------
-
-  ##
-  ## Enable/Disable dark mode.
-  ##
-  ## Accepted values: "dark", "light", "auto"
-  ## Default: "auto"
-  ##
-  #dark_mode: "auto"
-
-  ##
-  ## Enable/Disable thin mode (no video thumbnails).
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #thin_mode: false
-
-  ##
-  ## List of feeds available on the home page.
-  ##
-  ## Note: "Subscriptions" and "Playlists" are only visible
-  ## when the user is logged in.
-  ##
-  ## Accepted values: A list of strings
-  ## Each entry can be one of: "Popular", "Trending",
-  ##    "Subscriptions", "Playlists"
-  ##
-  ## Default: ["Popular", "Trending", "Subscriptions", "Playlists"]  (show all feeds)
-  ##
-  #feed_menu: ["Popular", "Trending", "Subscriptions", "Playlists"]
-
-  ##
-  ## Default feed to display on the home page.
-  ##
-  ## Note: setting this option to "Popular" has no
-  ## effect when 'popular_enabled' is set to false.
-  ##
-  ## Accepted values: Popular, Trending, Subscriptions, Playlists, <none>
-  ## Default: Popular
-  ##
-  #default_home: Popular
-
-  ##
-  ## Default number of results to display per page.
-  ##
-  ## Note: this affects invidious-generated pages only, such
-  ## as watch history and subscription feeds. Playlists, search
-  ## results and channel videos depend on the data returned by
-  ## the Youtube API.
-  ##
-  ## Accepted values: any positive integer
-  ## Default: 40
-  ##
-  #max_results: 40
-
-  ##
-  ## Show/hide annotations.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #annotations: false
-
-  ##
-  ## Show/hide annotation.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #annotations_subscribed: false
-
-  ##
-  ## Type of comments to display below video.
-  ##
-  ## Accepted values: a two-entries array.
-  ## Each entry can be one of: "youtube", "reddit", ""
-  ##
-  ## Default: ["youtube", ""]
-  ##
-  #comments: ["youtube", ""]
-
-  ##
-  ## Default player style.
-  ##
-  ## Accepted values: invidious, youtube
-  ## Default: invidious
-  ##
-  #player_style: invidious
-
-  ##
-  ## Show/Hide the "related videos" sidebar when
-  ## watching a video.
-  ##
-  ## Accepted values: true, false
-  ## Default: true
-  ##
-  #related_videos: true
-
-
-  # -----------------------------
-  #  Video player behavior
-  # -----------------------------
-
-  ##
-  ## This option controls the value of the HTML5 <video> element's
-  ## "preload" attribute.
-  ##
-  ## If set to 'false', no video data will be loaded until the user
-  ## explicitly starts the video by clicking the "Play" button.
-  ## If set to 'true', the web browser will buffer some video data
-  ## while the page is loading.
-  ##
-  ## See: https://www.w3schools.com/tags/att_video_preload.asp
-  ##
-  ## Accepted values: true, false
-  ## Default: true
-  ##
-  #preload: true
-
-  ##
-  ## Automatically play videos on page load.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #autoplay: false
-
-  ##
-  ## Automatically load the "next" video (either next in
-  ## playlist or proposed) when the current video ends.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #continue: false
-
-  ##
-  ## Autoplay next video by default.
-  ##
-  ## Note: Only effective if 'continue' is set to true.
-  ##
-  ## Accepted values: true, false
-  ## Default: true
-  ##
-  #continue_autoplay: true
-
-  ##
-  ## Play videos in Audio-only mode by default.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #listen: false
-
-  ##
-  ## Loop videos automatically.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #video_loop: false
-
-
-  # -----------------------------
-  #  Video playback settings
-  # -----------------------------
-
-  ##
-  ## Default video quality.
-  ##
-  ## Accepted values: dash, hd720, medium, small
-  ## Default: hd720
-  ##
-  #quality: hd720
-
-  ##
-  ## Default dash video quality.
-  ##
-  ## Note: this setting only takes effet if the
-  ## 'quality' parameter is set to "dash".
-  ##
-  ## Accepted values:
-  ##    auto, best, 4320p, 2160p, 1440p, 1080p,
-  ##    720p, 480p, 360p, 240p, 144p, worst
-  ## Default: auto
-  ##
-  #quality_dash: auto
-
-  ##
-  ## Default video playback speed.
-  ##
-  ## Accepted values: 0.25, 0.5, 0.75, 1.0, 1.25, 1.5, 1.75, 2.0
-  ## Default: 1.0
-  ##
-  #speed: 1.0
-
-  ##
-  ## Default volume.
-  ##
-  ## Accepted values: 0-100
-  ## Default: 100
-  ##
-  #volume: 100
-
-  ##
-  ## Allow 360° videos to be played.
-  ##
-  ## Note: This feature requires a WebGL-enabled browser.
-  ##
-  ## Accepted values: true, false
-  ## Default: true
-  ##
-  #vr_mode: true
-  
-  ##
-  ## Save the playback position
-  ## Allow to continue watching at the previous position when
-  ## watching the same video.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #save_player_pos: false
-
-  # -----------------------------
-  #  Subscription feed
-  # -----------------------------
-
-  ##
-  ## In the "Subscription" feed, only show the latest video
-  ## of each channel the user is subscribed to.
-  ##
-  ## Note: when combined with 'unseen_only', the latest unseen
-  ## video of each channel will be displayed instead of the
-  ## latest by date.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #latest_only: false
-
-  ##
-  ## Enable/Disable user subscriptions desktop notifications.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #notifications_only: false
-
-  ##
-  ## In the "Subscription" feed, Only show the videos that the
-  ## user haven't watched yet (i.e which are not in their watch
-  ## history).
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #unseen_only: false
-
-  ##
-  ## Default sorting parameter for subscription feeds.
-  ##
-  ## Accepted values:
-  ##   'alphabetically'
-  ##   'alphabetically - reverse'
-  ##   'channel name'
-  ##   'channel name - reverse'
-  ##   'published'
-  ##   'published - reverse'
-  ##
-  ## Default: published
-  ##
-  #sort: published
-
-
-  # -----------------------------
-  #  Miscellaneous
-  # -----------------------------
-
-  ##
-  ## Proxy videos through instance by default.
-  ##
-  ## Warning: As most users won't change this setting in their
-  ## preferences, defaulting  to true will significantly
-  ## increase the instance's network usage, so make sure that
-  ## your server's connection can handle it.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #local: false
-
-  ##
-  ## Show the connected user's nick at the top right.
-  ##
-  ## Accepted values: true, false
-  ## Default: true
-  ##
-  #show_nick: true
-
-  ##
-  ## Automatically redirect to a random instance when the user uses
-  ## any "switch invidious instance" link (For videos, it's the plane
-  ## icon, next to "watch on youtube" and "listen"). When set to false,
-  ## the user is sent to https://redirect.invidious.io instead, where
-  ## they can manually select an instance.
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #automatic_instance_redirect: false
-
-  ##
-  ## Show the entire video description by default (when set to 'false',
-  ## only the first few lines of the description are shown and a
-  ## "show more" button allows to expand it).
-  ##
-  ## Accepted values: true, false
-  ## Default: false
-  ##
-  #extend_desc: false

ansible/app-configs/librechat_librechat.env.j2

@@ -1,550 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-#=====================================================================#
-#                       LibreChat Configuration                       #
-#=====================================================================#
-# Please refer to the reference documentation for assistance          #
-# with configuring your LibreChat environment.                        #
-#                                                                     #
-# https://www.librechat.ai/docs/configuration/dotenv                  #
-#=====================================================================#
-
-#==================================================#
-#               Server Configuration               #
-#==================================================#
-
-HOST=localhost
-PORT=3080
-
-MONGO_URI=mongodb://librechat:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MONGODB_PASSWORD'] }}@mongodb:27017/librechat?replicaSet=rinoa
-
-DOMAIN_CLIENT=https://ai.trez.wtf
-DOMAIN_SERVER=https://ai.trez.wtf
-
-NO_INDEX=true
-# Use the address that is at most n number of hops away from the Express application.
-# req.socket.remoteAddress is the first hop, and the rest are looked for in the X-Forwarded-For header from right to left.
-# A value of 0 means that the first untrusted address would be req.socket.remoteAddress, i.e. there is no reverse proxy.
-# Defaulted to 1.
-TRUST_PROXY=1
-
-#===============#
-# JSON Logging  #
-#===============#
-
-# Use when process console logs in cloud deployment like GCP/AWS
-CONSOLE_JSON=true
-
-#===============#
-# Debug Logging #
-#===============#
-
-DEBUG_LOGGING=true
-DEBUG_CONSOLE=false
-
-#=============#
-# Permissions #
-#=============#
-
-# UID=1000
-# GID=1000
-
-#===============#
-# Configuration #
-#===============#
-# Use an absolute path, a relative path, or a URL
-
-# CONFIG_PATH="/alternative/path/to/librechat.yaml"
-
-#===================================================#
-#                     Endpoints                     #
-#===================================================#
-
-# ENDPOINTS=openAI,assistants,azureOpenAI,google,gptPlugins,anthropic
-
-PROXY=
-
-#===================================#
-# Known Endpoints - librechat.yaml  #
-#===================================#
-# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints
-
-# ANYSCALE_API_KEY=
-# APIPIE_API_KEY=
-# COHERE_API_KEY=
-DEEPSEEK_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_DEEPSEEK_API_KEY'] }}
-# DATABRICKS_API_KEY=
-# FIREWORKS_API_KEY=
-# GROQ_API_KEY=
-# HUGGINGFACE_TOKEN=
-MISTRAL_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_MISTRAL_API_KEY'] }}
-# OPENROUTER_KEY=
-# PERPLEXITY_API_KEY=
-# SHUTTLEAI_API_KEY=
-# TOGETHERAI_API_KEY=
-# UNIFY_API_KEY=
-# XAI_API_KEY=
-
-#============#
-# Anthropic  #
-#============#
-
-ANTHROPIC_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_ANTHROPIC_API_KEY'] }}
-ANTHROPIC_MODELS=claude-3-7-sonnet-latest,claude-3-7-sonnet-20250219,claude-3-5-haiku-20241022,claude-3-5-sonnet-20241022,claude-3-5-sonnet-latest,claude-3-5-sonnet-20240620,claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
-# ANTHROPIC_REVERSE_PROXY=
-
-#============#
-# Azure      #
-#============#
-
-# Note: these variables are DEPRECATED
-# Use the `librechat.yaml` configuration for `azureOpenAI` instead
-# You may also continue to use them if you opt out of using the `librechat.yaml` configuration
-
-# AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo # Deprecated
-# AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4 # Deprecated
-# AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE # Deprecated
-# AZURE_API_KEY= # Deprecated
-# AZURE_OPENAI_API_INSTANCE_NAME= # Deprecated
-# AZURE_OPENAI_API_DEPLOYMENT_NAME= # Deprecated
-# AZURE_OPENAI_API_VERSION= # Deprecated
-# AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME= # Deprecated
-# AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME= # Deprecated
-# PLUGINS_USE_AZURE="true" # Deprecated
-
-#=================#
-#   AWS Bedrock   #
-#=================#
-
-# BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
-# BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
-# BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
-# BEDROCK_AWS_SESSION_TOKEN=someSessionToken
-
-# Note: This example list is not meant to be exhaustive. If omitted, all known, supported model IDs will be included for you.
-# BEDROCK_AWS_MODELS=anthropic.claude-3-5-sonnet-20240620-v1:0,meta.llama3-1-8b-instruct-v1:0
-
-# See all Bedrock model IDs here: https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html#model-ids-arns
-
-# Notes on specific models:
-# The following models are not support due to not supporting streaming:
-# ai21.j2-mid-v1
-
-# The following models are not support due to not supporting conversation history:
-# ai21.j2-ultra-v1, cohere.command-text-v14, cohere.command-light-text-v14
-
-#============#
-# Google     #
-#============#
-
-{# GOOGLE_KEY=user_provided #}
-
-# GOOGLE_REVERSE_PROXY=
-# Some reverse proxies do not support the X-goog-api-key header, uncomment to pass the API key in Authorization header instead.
-# GOOGLE_AUTH_HEADER=true
-
-# Gemini API (AI Studio)
-# GOOGLE_MODELS=gemini-2.0-flash-exp,gemini-2.0-flash-thinking-exp-1219,gemini-exp-1121,gemini-exp-1114,gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
-
-# Vertex AI
-# GOOGLE_MODELS=gemini-1.5-flash-preview-0514,gemini-1.5-pro-preview-0514,gemini-1.0-pro-vision-001,gemini-1.0-pro-002,gemini-1.0-pro-001,gemini-pro-vision,gemini-1.0-pro
-
-# GOOGLE_TITLE_MODEL=gemini-pro
-
-# GOOGLE_LOC=us-central1
-
-# Google Safety Settings
-# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
-#
-# For Vertex AI:
-# To use the BLOCK_NONE setting, you need either:
-# (a) Access through an allowlist via your Google account team, or
-# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
-#
-# For Gemini API (AI Studio):
-# BLOCK_NONE is available by default, no special account requirements.
-#
-# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
-#
-# GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
-# GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
-# GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
-# GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
-# GOOGLE_SAFETY_CIVIC_INTEGRITY=BLOCK_ONLY_HIGH
-
-#============#
-# OpenAI     #
-#============#
-
-OPENAI_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_OPENAI_API_KEY'] }}
-OPENAI_MODELS=o1,o1-mini,o1-preview,gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
-
-DEBUG_OPENAI=false
-
-# TITLE_CONVO=false
-# OPENAI_TITLE_MODEL=gpt-4o-mini
-
-# OPENAI_SUMMARIZE=true
-# OPENAI_SUMMARY_MODEL=gpt-4o-mini
-
-# OPENAI_FORCE_PROMPT=true
-
-# OPENAI_REVERSE_PROXY=
-
-# OPENAI_ORGANIZATION=
-
-#====================#
-#   Assistants API   #
-#====================#
-
-# ASSISTANTS_API_KEY=user_provided
-# ASSISTANTS_BASE_URL=
-# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
-
-#==========================#
-#   Azure Assistants API   #
-#==========================#
-
-# Note: You should map your credentials with custom variables according to your Azure OpenAI Configuration
-# The models for Azure Assistants are also determined by your Azure OpenAI configuration.
-
-# More info, including how to enable use of Assistants with Azure here:
-# https://www.librechat.ai/docs/configuration/librechat_yaml/ai_endpoints/azure#using-assistants-with-azure
-
-#============#
-# OpenRouter #
-#============#
-# !!!Warning: Use the variable above instead of this one. Using this one will override the OpenAI endpoint
-# OPENROUTER_API_KEY=
-
-#============#
-# Plugins    #
-#============#
-
-# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
-
-# DEBUG_PLUGINS=
-
-CREDS_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_KEY'] }}
-CREDS_IV={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_CREDS_IV'] }}
-
-# Azure AI Search
-#-----------------
-# AZURE_AI_SEARCH_SERVICE_ENDPOINT=
-# AZURE_AI_SEARCH_INDEX_NAME=
-# AZURE_AI_SEARCH_API_KEY=
-
-# AZURE_AI_SEARCH_API_VERSION=
-# AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
-# AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
-# AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
-
-# DALL·E
-#----------------
-# DALLE_API_KEY=
-# DALLE3_API_KEY=
-# DALLE2_API_KEY=
-# DALLE3_SYSTEM_PROMPT=
-# DALLE2_SYSTEM_PROMPT=
-# DALLE_REVERSE_PROXY=
-# DALLE3_BASEURL=
-# DALLE2_BASEURL=
-
-# DALL·E (via Azure OpenAI)
-# Note: requires some of the variables above to be set
-#----------------
-# DALLE3_AZURE_API_VERSION=
-# DALLE2_AZURE_API_VERSION=
-
-
-# Google
-#-----------------
-GOOGLE_SEARCH_API_KEY=
-GOOGLE_CSE_ID=
-
-# YOUTUBE
-#-----------------
-YOUTUBE_API_KEY=
-
-# SerpAPI
-#-----------------
-SERPAPI_API_KEY=
-
-# Stable Diffusion
-#-----------------
-SD_WEBUI_URL=http://stable-diffusion-webui:7860
-
-# Tavily
-#-----------------
-TAVILY_API_KEY=
-
-# Traversaal
-#-----------------
-TRAVERSAAL_API_KEY=
-
-# WolframAlpha
-#-----------------
-WOLFRAM_APP_ID=
-
-# Zapier
-#-----------------
-ZAPIER_NLA_API_KEY=
-
-#==================================================#
-#                      Search                      #
-#==================================================#
-
-SEARCH=true
-MEILI_NO_ANALYTICS=true
-MEILI_HOST=http://meilisearch:7700
-MEILI_MASTER_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MEILISEARCH_MASTER_KEY'] }}
-
-# Optional: Disable indexing, useful in a multi-node setup
-# where only one instance should perform an index sync.
-# MEILI_NO_SYNC=true
-
-#==================================================#
-#          Speech to Text & Text to Speech         #
-#==================================================#
-
-STT_API_KEY=
-TTS_API_KEY=
-
-#==================================================#
-#                        RAG                       #
-#==================================================#
-# More info: https://www.librechat.ai/docs/configuration/rag_api
-
-# RAG_OPENAI_BASEURL=
-# RAG_OPENAI_API_KEY=
-# RAG_USE_FULL_CONTEXT=
-# EMBEDDINGS_PROVIDER=openai
-# EMBEDDINGS_MODEL=text-embedding-3-small
-
-#===================================================#
-#                    User System                    #
-#===================================================#
-
-#========================#
-# Moderation             #
-#========================#
-
-OPENAI_MODERATION=false
-OPENAI_MODERATION_API_KEY=
-# OPENAI_MODERATION_REVERSE_PROXY=
-
-BAN_VIOLATIONS=true
-BAN_DURATION=1000 * 60 * 60 * 2
-BAN_INTERVAL=20
-
-LOGIN_VIOLATION_SCORE=1
-REGISTRATION_VIOLATION_SCORE=1
-CONCURRENT_VIOLATION_SCORE=1
-MESSAGE_VIOLATION_SCORE=1
-NON_BROWSER_VIOLATION_SCORE=20
-
-LOGIN_MAX=7
-LOGIN_WINDOW=5
-REGISTER_MAX=5
-REGISTER_WINDOW=60
-
-LIMIT_CONCURRENT_MESSAGES=true
-CONCURRENT_MESSAGE_MAX=2
-
-LIMIT_MESSAGE_IP=true
-MESSAGE_IP_MAX=40
-MESSAGE_IP_WINDOW=1
-
-LIMIT_MESSAGE_USER=false
-MESSAGE_USER_MAX=40
-MESSAGE_USER_WINDOW=1
-
-ILLEGAL_MODEL_REQ_SCORE=5
-
-#========================#
-# Balance                #
-#========================#
-
-CHECK_BALANCE=false
-# START_BALANCE=20000 # note: the number of tokens that will be credited after registration.
-
-#========================#
-# Registration and Login #
-#========================#
-
-ALLOW_EMAIL_LOGIN=true
-ALLOW_REGISTRATION=true
-ALLOW_SOCIAL_LOGIN=false
-ALLOW_SOCIAL_REGISTRATION=false
-ALLOW_PASSWORD_RESET=false
-# ALLOW_ACCOUNT_DELETION=true # note: enabled by default if omitted/commented out
-ALLOW_UNVERIFIED_EMAIL_LOGIN=true
-
-SESSION_EXPIRY=1000 * 60 * 15
-REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
-
-JWT_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_SECRET'] }}
-JWT_REFRESH_SECRET={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIBRECHAT_JWT_REFRESH_SECRET'] }}
-
-
-# Discord
-DISCORD_CLIENT_ID=
-DISCORD_CLIENT_SECRET=
-DISCORD_CALLBACK_URL=/oauth/discord/callback
-
-# Facebook
-FACEBOOK_CLIENT_ID=
-FACEBOOK_CLIENT_SECRET=
-FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
-
-# GitHub
-GITHUB_CLIENT_ID=
-GITHUB_CLIENT_SECRET=
-GITHUB_CALLBACK_URL=/oauth/github/callback
-# GitHub Enterprise
-# GITHUB_ENTERPRISE_BASE_URL=
-# GITHUB_ENTERPRISE_USER_AGENT=
-
-# Google
-GOOGLE_CLIENT_ID=
-GOOGLE_CLIENT_SECRET=
-GOOGLE_CALLBACK_URL=/oauth/google/callback
-
-# Apple
-APPLE_CLIENT_ID=
-APPLE_TEAM_ID=
-APPLE_KEY_ID=
-APPLE_PRIVATE_KEY_PATH=
-APPLE_CALLBACK_URL=/oauth/apple/callback
-
-# OpenID
-OPENID_CLIENT_ID=
-OPENID_CLIENT_SECRET=
-OPENID_ISSUER=
-OPENID_SESSION_SECRET=
-OPENID_SCOPE="openid profile email"
-OPENID_CALLBACK_URL=/oauth/openid/callback
-OPENID_REQUIRED_ROLE=
-OPENID_REQUIRED_ROLE_TOKEN_KIND=
-OPENID_REQUIRED_ROLE_PARAMETER_PATH=
-# Set to determine which user info property returned from OpenID Provider to store as the User's username
-OPENID_USERNAME_CLAIM=
-# Set to determine which user info property returned from OpenID Provider to store as the User's name
-OPENID_NAME_CLAIM=
-
-OPENID_BUTTON_LABEL=
-OPENID_IMAGE_URL=
-
-# LDAP
-# LDAP_URL=
-# LDAP_BIND_DN=
-# LDAP_BIND_CREDENTIALS=
-# LDAP_USER_SEARCH_BASE=
-# LDAP_SEARCH_FILTER=mail=
-# LDAP_CA_CERT_PATH=
-# LDAP_TLS_REJECT_UNAUTHORIZED=
-# LDAP_LOGIN_USES_USERNAME=true
-# LDAP_ID=
-# LDAP_USERNAME=
-# LDAP_EMAIL=
-# LDAP_FULL_NAME=
-
-#========================#
-# Email Password Reset   #
-#========================#
-
-EMAIL_SERVICE=
-EMAIL_HOST=postal-smtp
-EMAIL_PORT=25
-EMAIL_ENCRYPTION=
-EMAIL_ENCRYPTION_HOSTNAME=
-EMAIL_ALLOW_SELFSIGNED=
-EMAIL_USERNAME=
-EMAIL_PASSWORD=
-EMAIL_FROM_NAME=
-EMAIL_FROM=noreply@librechat.ai
-
-#========================#
-# Firebase CDN           #
-#========================#
-
-# FIREBASE_API_KEY=
-# FIREBASE_AUTH_DOMAIN=
-# FIREBASE_PROJECT_ID=
-# FIREBASE_STORAGE_BUCKET=
-# FIREBASE_MESSAGING_SENDER_ID=
-# FIREBASE_APP_ID=
-
-#========================#
-# Shared Links           #
-#========================#
-
-ALLOW_SHARED_LINKS=true
-ALLOW_SHARED_LINKS_PUBLIC=true
-
-#==============================#
-# Static File Cache Control    #
-#==============================#
-
-# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
-# NODE_ENV must be set to production for these to take effect
-# STATIC_CACHE_MAX_AGE=172800
-# STATIC_CACHE_S_MAX_AGE=86400
-
-# If you have another service in front of your LibreChat doing compression, disable express based compression here
-# DISABLE_COMPRESSION=true
-
-#===================================================#
-#                        UI                         #
-#===================================================#
-
-APP_TITLE=LibreChat
-# CUSTOM_FOOTER="My custom footer"
-HELP_AND_FAQ_URL=https://librechat.ai
-
-# SHOW_BIRTHDAY_ICON=true
-
-# Google tag manager id
-#ANALYTICS_GTM_ID=user provided google tag manager id
-
-#===============#
-# REDIS Options #
-#===============#
-
-REDIS_URI=redis:6379
-USE_REDIS=true
-
-# USE_REDIS_CLUSTER=true
-# REDIS_CA=/path/to/ca.crt
-
-#==================================================#
-#                      Others                      #
-#==================================================#
-#   You should leave the following commented out   #
-
-# NODE_ENV=
-
-# E2E_USER_EMAIL=
-# E2E_USER_PASSWORD=
-
-#=====================================================#
-#                  Cache Headers                      #
-#=====================================================#
-#   Headers that control caching of the index.html    #
-#   Default configuration prevents caching to ensure  #
-#   users always get the latest version. Customize    #
-#   only if you understand caching implications.      #
-
-# INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate
-# INDEX_HTML_PRAGMA=no-cache
-# INDEX_HTML_EXPIRES=0
-
-# no-cache: Forces validation with server before using cached version
-# no-store: Prevents storing the response entirely
-# must-revalidate: Prevents using stale content when offline
-
-#=====================================================#
-#                  OpenWeather                        #
-#=====================================================#
-OPENWEATHER_API_KEY={{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['HOMEPAGE_OPENWEATHERMAP_API_KEY'] }}

ansible/app-configs/librechat_librechat.yaml.j2

@@ -1,33 +0,0 @@
-version: 1.0.0
-endpoints:
-  custom:
-    - name: "ollama"
-      apiKey: "ollama"
-      baseURL: "http://ollama:11434/v1/chat/completions"
-      models:
-        default: [
-          "deepseek-r1:1.5b",
-          "deepseek-coder-v2:16b",
-          "deepseek-v3:671b",
-          "llama3.3:70b",
-          "phi4:14b",
-          "qwen2.5",
-          "llama2:7b",
-          "mistral:7b",
-          "codellama:7b",
-          "tinyllama:1.1b",
-          "starcoder2:3b",
-          "dolphin-mistral:7b",
-          "smollm2:1.7b",
-          "orca-mini:3b",
-          "mistral-openorca:7b"
-        ]
-# fetching list of models is supported but the `name` field must start
-# with `ollama` (case-insensitive), as it does in this example.
-        fetch: true
-      titleConvo: true
-      titleModel: "current_model"
-      summarize: false
-      summaryModel: "current_model"
-      forcePrompt: false
-      modelDisplayLabel: "Ollama"

ansible/app-configs/loggifly_config.yaml.j2

@@ -1,33 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-containers:
-  ghost_blog:
-    action_keywords:
-      - restart:
-          regex: ':[0-9]{2}\] ERROR.*$'
-  immich-server:
-    action_keywords:
-      - restart:
-          regex: 'ADVICE:.*error'
-  invidious:
-    keywords:
-      - regex: 'Error reading.*Connection reset by peer trying to reconnect...'
-global_keywords:
-  keywords:
-    - panic
-  keywords_with_attachment:
-    - fatal
-notifications:
-  apprise:
-    url: gotify://gotify/{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['APPRISE_GOTIFY_TOKEN'] }}    # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
-# settings are optional because they all have default values
-settings:
-  log_level: INFO               # DEBUG, INFO, WARNING, ERROR
-  notification_cooldown: 5      # Seconds between alerts for same keyword (per container)
-  attachment_lines: 20          # Number of Lines to include in log attachments
-  multi_line_entries: true      # Detect multi-line log entries
-  disable_restart: false        # Disable restart when a config change is detected
-  disable_start_message: false  # Suppress startup notification
-  disable_shutdown_message: false  # Suppress shutdown notification
-  disable_restart_message: false   # Suppress config reload notification

ansible/app-configs/mirotalk_src_config.js.j2

@@ -1,159 +0,0 @@
-'use strict';
-
-const packageJson = require('../../package.json');
-
-module.exports = {
-    // Branding and customizations require a license: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
-    brand: {
-        app: {
-            language: 'en', // https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes
-            name: 'MiroTalk',
-            title: '<h1>MiroTalk</h1/>Free browser based Real-time video calls.<br />Simple, Secure, Fast.',
-            description:
-                'Start your next video call with a single click. No download, plug-in, or login is required. Just get straight to talking, messaging, and sharing your screen.',
-            joinDescription: 'Pick a room name.<br />How about this one?',
-            joinButtonLabel: 'JOIN ROOM',
-            joinLastLabel: 'Your recent room:',
-        },
-        og: {
-            type: 'app-webrtc',
-            siteName: 'MiroTalk',
-            title: 'Click the link to make a call.',
-            description:
-                'MiroTalk calling provides real-time HD quality and latency simply not available with traditional technology.',
-            image: 'https://p2p.mirotalk.com/images/preview.png',
-            url: 'https://p2p.mirotalk.com',
-        },
-        site: {
-            shortcutIcon: '../images/logo.svg',
-            appleTouchIcon: '../images/logo.svg',
-            landingTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
-            newCallTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
-            newCallRoomTitle: 'Pick name. <br />Share URL. <br />Start conference.',
-            newCallRoomDescription:
-                "Each room has its disposable URL. Just pick a room name and share your custom URL. It's that easy.",
-            loginTitle: 'MiroTalk - Host Protected login required.',
-            clientTitle: 'MiroTalk WebRTC Video call, Chat Room & Screen Sharing.',
-            privacyPolicyTitle: 'MiroTalk - privacy and policy.',
-            stunTurnTitle: 'Test Stun/Turn Servers.',
-            notFoundTitle: 'MiroTalk - 404 Page not found.',
-        },
-        html: {
-            features: true,
-            browsers: true,
-            teams: true, // please keep me always true ;)
-            tryEasier: true,
-            poweredBy: true,
-            sponsors: true,
-            advertisers: true,
-            footer: true,
-        },
-        about: {
-            imageUrl: '../images/mirotalk-logo.gif',
-            title: `WebRTC P2P v${packageJson.version}`,
-            html: `
-                <button
-                    id="support-button"
-                    data-umami-event="Support button"
-                    onclick="window.open('https://codecanyon.net/user/miroslavpejic85')">
-                    <i class="fas fa-heart" ></i>&nbsp;Support
-                </button>
-                <br /><br /><br />
-                Author:<a
-                    id="linkedin-button"
-                    data-umami-event="Linkedin button"
-                    href="https://www.linkedin.com/in/miroslav-pejic-976a07101/" target="_blank">
-                    Miroslav Pejic
-                </a>
-                <br /><br />
-                Email:<a
-                    id="email-button"
-                    data-umami-event="Email button"
-                    href="mailto:miroslav.pejic.85@gmail.com?subject=MiroTalk P2P info">
-                    miroslav.pejic.85@gmail.com
-                </a>
-                <br /><br />
-                <hr />
-                <span>&copy; 2025 MiroTalk P2P, all rights reserved</span>
-                <hr />
-            `,
-        },
-        //...
-    },
-    /**
-     * Configuration for controlling the visibility of buttons in the MiroTalk P2P client.
-     * Set properties to true to show the corresponding buttons, or false to hide them.
-     * captionBtn, showSwapCameraBtn, showScreenShareBtn, showFullScreenBtn, showVideoPipBtn, showDocumentPipBtn -> (auto-detected).
-     */
-    buttons: {
-        main: {
-            showShareQr: true,
-            showShareRoomBtn: true, // For guests
-            showHideMeBtn: true,
-            showAudioBtn: true,
-            showVideoBtn: true,
-            showScreenBtn: true, // autodetected
-            showRecordStreamBtn: true,
-            showChatRoomBtn: true,
-            showCaptionRoomBtn: true,
-            showRoomEmojiPickerBtn: true,
-            showMyHandBtn: true,
-            showWhiteboardBtn: true,
-            showSnapshotRoomBtn: true,
-            showFileShareBtn: true,
-            showDocumentPipBtn: true,
-            showMySettingsBtn: true,
-            showAboutBtn: true, // Please keep me always true, Thank you!
-        },
-        chat: {
-            showTogglePinBtn: true,
-            showMaxBtn: true,
-            showSaveMessageBtn: true,
-            showMarkDownBtn: true,
-            showChatGPTBtn: true,
-            showFileShareBtn: true,
-            showShareVideoAudioBtn: true,
-            showParticipantsBtn: true,
-        },
-        caption: {
-            showTogglePinBtn: true,
-            showMaxBtn: true,
-        },
-        settings: {
-            showMicOptionsBtn: true,
-            showTabRoomPeerName: true,
-            showTabRoomParticipants: true,
-            showTabRoomSecurity: true,
-            showTabEmailInvitation: true,
-            showCaptionEveryoneBtn: true,
-            showMuteEveryoneBtn: true,
-            showHideEveryoneBtn: true,
-            showEjectEveryoneBtn: true,
-            showLockRoomBtn: true,
-            showUnlockRoomBtn: true,
-            showShortcutsBtn: true,
-        },
-        remote: {
-            showAudioVolume: true,
-            audioBtnClickAllowed: true,
-            videoBtnClickAllowed: true,
-            showVideoPipBtn: true,
-            showKickOutBtn: true,
-            showSnapShotBtn: true,
-            showFileShareBtn: true,
-            showShareVideoAudioBtn: true,
-            showPrivateMessageBtn: true,
-            showZoomInOutBtn: false,
-            showVideoFocusBtn: true,
-        },
-        local: {
-            showVideoPipBtn: true,
-            showSnapShotBtn: true,
-            showVideoCircleBtn: true,
-            showZoomInOutBtn: false,
-        },
-        whiteboard: {
-            whiteboardLockBtn: false,
-        },
-    },
-};

ansible/app-configs/multi-scrobbler_config.json.j2

@@ -2,110 +2,62 @@
 {% set secrets_path = 'rinoa-docker/env' %}
 
 {
-  "debugMode": false,
-  "disableWeb": false,
-  "sourceDefaults": {
-    "logPayload": false,
-    "logFilterFailure": "warn",
-    "logPlayerState": false,
-    "scrobbleThresholds": {
-      "duration": 30,
-      "percent": 20
+    "sourceDefaults": {
+      "maxPollRetries": 0,          // optional, default # of automatic polling restarts on error. can be overridden by property in individual config
+      "maxRequestRetries": 1,       // optional, default # of http request retries a source can make before error is thrown. can be overridden by property in individual config
+      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
     },
-    "maxPollRetries": 1,
-    "maxRequestRetries": 1,
-    "retryMultiplier": 1.5
-  },
-  "clientDefaults": {
-    "maxRequestRetries": 1,
-    "retryMultiplier": 1.5
-  },
-  "sources": [
-    {
-      "type": "spotify",
-      "enable": true,
-      "clients": [],
-      "name": "spotify",
-      "data": {
-        "clientId": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_ID'] }}",
-        "clientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['YOUR_SPOTIFY_SECRET'] }}",
-        "redirectUri": "http://localhost:9078/callback"
-      }
+    "clientDefaults": {
+      "maxRequestRetries": 1,       // optional, default # of http request retries a client can make before error is thrown. can be overridden by property in individual config
+      "retryMultiplier": 1.5       // optional, default retry delay multiplier (retry attempt * multiplier = # of seconds to wait before retrying). can be overridden by property in individual config
     },
-    {
-      "type": "lastfm",
-      "enable": true,
-      "clients": [],
-      "name": "lastfm",
-      "data": {
-        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
-        "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
-        "redirectUri": "http://localhost:9078/lastfm/callback"
-      }
-    },
-    {
-      "type": "listenbrainz",
-      "enable": true,
-      "clients": [],
-      "name": "listenBrainz",
-      "data": {
-        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
-        "username": "Trez.One"
-      }
-    },
-    {
-      "type": "subsonic",
-      "enable": true,
-      "clients": [],
-      "name": "navidrome",
-      "data": {
-        "url": "http://navidrome:4533",
-        "user": "admin",
-        "password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NAVIDROME_PASSWORD'] }}"
-      }
-    }
-  ],
-  "clients": [
-    {
-      "type": "lastfm",
-      "enable": true,
-      "name": "lastFmClient",
-      "data": {
-        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
-        "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
-        "redirectUri": "http://localhost:9078/lastfm/callback"
-      }
-    },
-    {
-      "type": "listenbrainz",
-      "enable": true,
-      "name": "ListenBrainzClient",
-      "data": {
-        "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
-        "username": "Trez.One"
-      }
-    },
-    {
-      "type": "maloja",
-      "enable": true,
-      "name": "maloja",
-      "data": {
-        "url": "http://maloja:42010",
-        "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_API_KEY'] }}"
-      }
-    }
-  ],
-  "webhooks": [
-    {
-      "name": "Gotify",
-      "type": "gotify",
-      "url": "http://gotify",
-      "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MULTI_SCROBBLER_GOTIFY_TOKEN'] }}",
-      "priorities": {
-        "info": 5,
-        "warn": 7,
-        "error": 10
-      }
-    }
-  ]
-}
+    "clients": [
+        {
+            "name": "Last.fm Client",
+            "enable": true,
+            "configureAs": "client",
+            "data": {
+            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
+            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
+            "redirectUri": "http://localhost:9078/lastfm/callback"
+            }
+        },
+        {
+            "name": "Last.fm Source",
+            "enable": true,
+            "configureAs": "source",
+            "data": {
+            "apiKey": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_KEY'] }}",
+            "secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LASTFM_API_SECRET'] }}",
+            "redirectUri": "http://localhost:9078/lastfm/callback"
+            }
+        },
+        {
+            "name": "Maloja",
+            "enable": true,
+            "data": {
+            "url": "http://maloja:42010",
+            "apiKey": "myMalojaKey"
+            }
+        },
+        {
+          "name": "ListenBrainz Client",
+          "enable": true,
+          "configureAs": "client",
+          "data": {
+            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
+            "username": "Trez.One"
+          }
+        },
+        {
+          "name": "ListenBrainz Source",
+          "enable": true,
+          "configureAs": "source",
+          "data": {
+            "token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MALOJA_LISTENBRAINZ_TOKEN'] }}",
+            "username": "Trez.One"
+          }
+        }
+      ]
+  }
+}

ansible/app-configs/netbird_management.json.j2

@@ -47,30 +47,60 @@
   },
   "HttpConfig": {
     "Address": "0.0.0.0:33073",
-    "AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
-    "AuthAudience": "netbird",
-    "AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
+    "AuthIssuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
+    "AuthAudience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+    "AuthKeysLocation": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/keys",
     "AuthUserIDClaim": "",
     "CertFile": "",
     "CertKey": "",
     "IdpSignKeyRefreshEnabled": true,
-    "OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
+    "OIDCConfigEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
+  },
+  "IdpManagerConfig": {
+    "ManagerType": "zitadel",
+    "ClientConfig": {
+      "Issuer": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
+      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
+      "ClientID": "netbird",
+      "ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_SECRET'] }}",
+      "GrantType": "client_credentials"
+    },
+    "ExtraConfig": {
+      "ManagementEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/management/v1"
+    },
+    "Auth0ClientCredentials": null,
+    "AzureClientCredentials": null,
+    "KeycloakClientCredentials": null,
+    "ZitadelClientCredentials": null
+  },
+  "DeviceAuthorizationFlow": {
+    "Provider": "hosted",
+    "ProviderConfig": {
+      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+      "AuthorizationEndpoint": "",
+      "Domain": "",
+      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+      "ClientSecret": "",
+      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
+      "DeviceAuthEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/device_authorization",
+      "Scope": "openid",
+      "UseIDToken": false,
+      "RedirectURLs": null
+    }
   },
-  "IdpManagerConfig": {},
-  "DeviceAuthorizationFlow": {},
   "PKCEAuthorizationFlow": {
     "ProviderConfig": {
-      "Audience": "netbird",
-      "ClientID": "netbird",
-      "ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
+      "Audience": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+      "ClientID": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_ZITADEL_CLIENT_ID'] }}",
+      "ClientSecret": "",
       "Domain": "",
-      "AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
-      "TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
+      "AuthorizationEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/authorize",
+      "TokenEndpoint": "https://id.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/oauth/v2/token",
       "Scope": "openid profile email offline_access api",
       "RedirectURLs": [
         "http://localhost:53000"
       ],
-      "UseIDToken": true
+      "UseIDToken": false
     }
   }
 }

ansible/app-configs/postal_postal.yml.j2

@@ -30,9 +30,6 @@ message_db:
 smtp_server:
   default_port: 25
   default_bind_address: "::"
-  tls_enabled: true
-  tls_certificate_path: /config/certs/fullchain.pem
-  tls_private_key_path: /config/certs/privkey.pem
 
 dns:
   # Specify the DNS records that you have configured. Refer to the documentation at

ansible/app-configs/sabnzbd_sabnzbd.ini.j2

@@ -342,7 +342,7 @@ host = news.newshosting.com
 port = 563
 timeout = 60
 username = thetrezuredone
-password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
+password = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_PASSWORD'] }}
 connections = 8
 ssl = 1
 ssl_verify = 3

ansible/app-configs/searxng_settings.yml.j2

@@ -211,13 +211,11 @@ outgoing:
 
 # Comment or un-comment plugin to activate / deactivate by default.
 #
-enabled_plugins:
+# enabled_plugins:
 #   # these plugins are enabled if nothing is configured ..
-  - 'Hash plugin'
-  - 'Self Information'
-  - 'Tracker URL remover'
-  - 'Basic Calculator'
-  - 'Unit converter plugin'
+#   - 'Hash plugin'
+#   - 'Self Information'
+#   - 'Tracker URL remover'
 #   - 'Ahmia blacklist'  # activation depends on outgoing.using_tor_proxy
 #   # these plugins are disabled if nothing is configured ..
 #   - 'Hostname replace'  # see hostname_replace configuration below

ansible/app-configs/soularr_config.ini.j2

@@ -1,76 +0,0 @@
-{% set vault_addr = 'https://vault.trez.wtf' %}
-{% set secrets_path = 'rinoa-docker/env' %}
-
-[Lidarr]
-api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['LIDARR_API_KEY'] }}
-host_url = http://lidarr:8686
-#This should be the path mounted in lidarr that points to your slskd download directory.
-#If Lidarr is not running in Docker then this may just be the same dir as Slskd is using below.
-download_dir = /storage
-
-[Slskd]
-#Api key from Slskd. Need to set this up manually. See link to Slskd docs above.
-api_key = {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
-host_url = http://gluetun:5030
-#Slskd download directory. Should have set it up when installing Slskd.
-download_dir = /app/downloads
-#Removes searches from Slskd after the search finishes.
-delete_searches = False
-#Maximum time (in seconds) that the script will wait for downloads to complete.
-#This is used to prevent the script from running forever due to a stalled download. Defaults to 1 hour.
-stalled_timeout = 3600
-
-[Release Settings]
-#Selects the release with the most common amount of tracks out of all the releases.
-use_most_common_tracknum = True
-allow_multi_disc = True
-#See full list of countries below.
-accepted_countries = Europe,Japan,United Kingdom,United States,[Worldwide],Australia,Canada
-#See full list of formats below.
-accepted_formats = CD,Digital Media,Vinyl
-
-[Search Settings]
-search_timeout = 5000
-maximum_peer_queue = 50
-#Min upload speed in bit/s
-minimum_peer_upload_speed = 0
-#Min match ratio accepted when comparing lidarr track names to soulseek filenames.
-minimum_filename_match_ratio = 0.5
-#Specify the file types you prefer from most to least. As well as their attributes such as bitrate / samplerate / bitdepth.
-#For flacs you can choose the bitdepth/samplerate. And for mp3s the bitrate.
-#If you do not care about the specific quality you can still just put "flac" or "mp3".
-#Soularr will then just look at the filetype and ignore file attributes.
-allowed_filetypes = flac 24/192,flac 16/44.1,flac,mp3 320,mp3
-ignored_users = User1,User2,Fred,Bob
-#Set to False if you only want to search for complete albums
-search_for_tracks = True
-#Set to True if you want to add the artist's name to the beginning of the search for albums
-album_prepend_artist = False
-track_prepend_artist = True
-#Valid search types: all || incrementing_page || first_page
-  #"all" will search for every wanted record everytime soularr is run.
-  #"incrementing_page" will start with the first page and increment to the next on each run.
-  #"first_page" will repeatedly search the first page.
-#If using the search type "first_page" remove_wanted_on_failure should be enabled.
-search_type = incrementing_page
-#How mancy records to grab each run, must be a number between 1 - 2,147,483,647
-number_of_albums_to_grab = 10
-#Unmonitors the album if Soularr can't find it and places it in "failure_list.txt".
-#Failed albums can be re monitored by filtering "Unmonitored" in the Lidarr wanted list.
-remove_wanted_on_failure = False
-#Comma separated list of words that can't be in the title of albums or tracks. Case insensitive.
-title_blacklist = BlacklistWord1,blacklistword2
-#Lidarr source to use for searching. Accepted values are "all", "missing", or "cutoff_unmet". If "all" is selected
-# then both missing and cutoff_unme will be searched. The default value is "missing".
-search_source = missing
-
-[Logging]
-#These options are passed into the logger's basicConfig() method as-is.
-#This means, if you're familiar with Python's logging module, you can configure
-#the logger with options beyond what's listed here by default.
-#For more information on available options  --  https://docs.python.org/3/library/logging.html#logging.basicConfig
-level = INFO
-# Format of log message  --  https://docs.python.org/3/library/logging.html#logrecord-attributes
-format = [%(levelname)s|%(module)s|L%(lineno)d] %(asctime)s: %(message)s
-# Format of datetimes  --  https://docs.python.org/3/library/time.html#time.strftime
-datefmt = %Y-%m-%dT%H:%M:%S%z

ansible/app-configs/soulseek_slskd.yml.j2

@@ -1,212 +1,238 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 
-directories:
-  incomplete: /app/incomplete
-  downloads: /app/downloads
-shares:
-  directories:
-    - /music
-rooms:
-  - '! meow chat :3'
-  - '#ANUS'
-  - '#CORONAVIRUS'
-  - '#Horrorcore'
-  - '#La France'
-  - '#icilombre-hardcore'
-  - '#polska'
-  - '#vegan'
-  - $$RARE RAP MUSIC$$
-  - ([6)]
-  - +Autism+
-  - +BlackMetal+
-  - +HIP_HOP_SCENE_RELEASES+
-  - /mu/
-  - 60lover
-  - 60lover v2
-  - 70 Rare groove Soul Jazz
-  - 80's 12 Inches & More
-  - 90's Rare Riddim !!
-  - 90's emo
-  - <>Electronics Labels<>
-  - ACID
-  - ARGENTINA
-  - "ATLLUMINATI\u201Cawareness"
-  - AUSTRALIA
-  - Alcohol
-  - Ambient
-  - Anime
-  - Audiobooks
-  - Avantgarde
-  - BDSM
-  - BLUES BUNKER MUSIC
-  - BOB DYLAN ROOM
-  - BigEdsClassicRock
-  - BigedsSixties
-  - Blues&Soul
-  - Bootlegged concerts
-  - Brasil
-  - Breakcore
-  - CHILE
-  - Canada
-  - China Room
-  - Chiptunes
-  - Christians
-  - Classical
-  - Come To The Sabbath !
-  - Communism
-  - DEATH METAL CLUB
-  - Dark Ambient
-  - De Koffie Shop
-  - De Kroeg
-  - Deathrock
-  - DieMilitarmusik
-  - Disco Classics
-  - Doom Metal
-  - Doujin Music
-  - Dub Techno
-  - Dubstep
-  - EBM-GOTHIC-INDUSTRIAL
-  - EBooks
-  - Emo
-  - Eurodance
-  - Eurovision Song Contest
-  - Experimental Electronica
-  - FOLK MUSIC
-  - Free Jazz
-  - Furry
-  - Gay
-  - Gothic
-  - Greece
-  - Grindcore
-  - HEE cum eaters 1! !
-  - HOUSE MUSIC LOVERS (AG)
-  - Happy Hardcore
-  - Hardcore NL
-  - Hardcore/punk
-  - Hip Hop
-  - Horror movies
-  - IDM
-  - INDUSTRIAL
-  - IReGGaeGaLaXy
-  - Incredibly Strange Music
-  - Israel
-  - Jaz (Full CDs)
-  - Jazz
-  - Jazz-Rock-Fusion-Guitar
-  - Juggalo Family
-  - Jungle
-  - Korean Music
-  - LANGUAGE EXCHANGE here
-  - LGBTQ+!!
-  - Last.fm
-  - Linux
-  - Lossless Scores
-  - MOVIES
-  - Mac Users
-  - Metal
-  - MovieMusic
-  - NORWAY
-  - New Crystal Vibrations
-  - New Wave
-  - New Zealand
-  - OLD SKOOL GANGSTA SHIT
-  - OLDSCHOOL 88-94
-  - OLI SHOTA CUB ROOM!
-  - Original Blues Bunker
-  - PSYCHEDELIA
-  - PUNK/HARDCORE/GRIND
-  - Portugal
-  - Post Punk
-  - Post-Hardcore (modern)
-  - Progressive Rock
-  - Psychedelic/Acid Rock
-  - Psytrance
-  - Quebec
-  - REGGAE
-  - Rare Music
-  - RareVHS/DVD/Rips
-  - Retro Gaming
-  - Romania
-  - Room Name
-  - SIsk Idiots !!
-  - SLUDGE!
-  - Slovenia
-  - Soundtracks&Scores
-  - Spain
-  - Stoner HiVe
-  - Stoner Rock
-  - Strange Music
-  - TECHNO, Mixes and Tunes
-  - THC
-  - Talia
-  - The Dangerous Kitchen
-  - TheScoreZone
-  - Thrash Metal
-  - Tinmans Movie Room
-  - Trip-Hop
-  - Ttalian_dancefloor
-  - Twee Folks
-  - UK DUB
-  - URIDDIM!!
-  - Ukraine
-  - Underground Hiphop
-  - VAPORWAVE
-  - Video Game Chat
-  - Vinyl Addicts
-  - Vocaloid
-  - WHATCDs
-  - World Music
-  - Yacht Rock
-  - '[German] [Deutsch]'
-  - abbey road Itd
-  - anime cunny
-  - bleeps&klonks
-  - breakbeat
-  - comics
-  - deep house connection
-  - drum'n'bass
-  - eesti mehed
-  - electro
-  - flacfield
-  - food
-  - for Losers
-  - hungary
-  - indie
-  - japanese music
-  - library music
-  - lossless
-  - minimal music
-  - museek
-  - noise
-  - 'on'
-  - postrock
-  - programming
-  - progressive house
-  - public porn
-  - r/musichoarder
-  - ru
-  - shoegaze
-  - tapekvit
-  - test
-  - trancEaddict
-  - trivia
-  - what.cd
-  - what.cd electronic
-  - what.cd-flac
-  - '{Italo Disco'
-web:
-  authentication:
-    username: slskd
-    password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_WEB_PASSSWORD'] }}
-    api_keys:
-      my_api_key:
-        key: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSKD_API_KEY'] }}
-        role: readwrite
-        cidr: 0.0.0.0/0,::/0
-soulseek:
-  address: vps.slsknet.org
-  port: 2271
-  username: Trez.One
-  password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['SLSK_USER_PASSWORD'] }}
-  diagnostic_level: Info
+# debug: false
+# remote_configuration: false
+# remote_file_management: false
+# instance_name: default
+# flags:
+#   no_logo: false
+#   no_start: false
+#   no_config_watch: false
+#   no_connect: false
+#   no_share_scan: false
+#   force_share_scan: false
+#   no_version_check: false
+#   log_sql: false
+#   experimental: false
+#   volatile: false
+#   case_sensitive_reg_ex: false
+#   legacy_windows_tcp_keepalive: false
+# relay:
+#   enabled: false
+#   mode: controller # controller (default), agent, or debug (for local development)
+#   # controller config is required when running in 'agent' mode
+#   # this specifies the relay controller that will be controlling this agent
+#   controller:
+#     address: https://some.site.com:5000
+#     ignore_certificate_errors: false
+#     api_key: <a 16-255 character string corresponding to one of the controller's 'readwrite' or 'administrator' API keys>
+#     secret: <a 16-255 character shared secret matching the controller's config for this agent>
+#     downloads: false
+#   # agent config is optional when running in 'controller' mode
+#   # this specifies all of the agents capable of connecting
+#   agents:
+#     my_agent:
+#       instance_name: my_agent # make sure the top-level instance_name of the agent matches!
+#       secret: <a 16-255 character string unique to this agent>
+#       cidr: 0.0.0.0/0,::/0
+# permissions:
+#   file:
+#     mode: ~ # not for Windows, chmod syntax, e.g. 644, 777. can't escalate beyond umask
+# directories:
+#   incomplete: ~
+#   downloads: ~
+# shares:
+#   directories:
+#     - ~
+#   filters:
+#     - \.ini$
+#     - Thumbs.db$
+#     - \.DS_Store$
+#   cache:
+#     storage_mode: memory
+#     workers: 16
+#     retention: ~ # retain indefinitely (do not automatically re-scan)
+# rooms:
+#   - ~
+# global:
+#   upload:
+#     slots: 20
+#     speed_limit: 1000 # in kibibytes
+#   limits:
+#     queued:
+#       files: 500
+#       megabytes: 5000
+#     daily:
+#       files: 1000
+#       megabytes: 10000
+#       failures: 200
+#     weekly:
+#       files: 5000
+#       megabytes: 50000
+#       failures: 1000
+#   download:
+#     slots: 500
+#     speed_limit: 1000
+# groups:
+#   default:
+#     upload:
+#       priority: 500
+#       strategy: roundrobin
+#       slots: 10
+#     limits:
+#       queued:
+#         files: 150
+#         megabytes: 1500
+#       daily: ~ # no daily limits (weekly still apply)
+#       weekly:
+#         files: 1500
+#         megabytes: 15000
+#         failures: 150
+#   leechers:
+#     thresholds:
+#       files: 1
+#       directories: 1
+#     upload:
+#       priority: 999
+#       strategy: roundrobin
+#       slots: 1
+#       speed_limit: 100
+#     limits:
+#       queued:
+#         files: 15
+#         megabytes: 150
+#       daily:
+#         files: 30
+#         megabytes: 300
+#         failures: 10
+#       weekly:
+#         files: 150
+#         megabytes: 1500
+#         failures: 30
+#   blacklisted:
+#     members:
+#       - <username to blacklist>
+#     cidrs:
+#       - <CIDR to blacklist, e.g. 255.255.255.255/32>
+#   user_defined:
+#     my_buddies:
+#       upload:
+#         priority: 250
+#         strategy: firstinfirstout
+#         slots: 10
+#       limits:
+#         queued:
+#           files: 1000 # override global default
+#       members:
+#         - alice
+#         - bob
+# blacklist:
+#   enabled: true
+#   file: <path to file containing CIDRs to blacklist>
+# filters:
+#   search:
+#     request:
+#       - ^.{1,2}$
+# web:
+#   port: 5030
+#   https:
+#     disabled: false
+#     port: 5031
+#     force: false
+#     certificate:
+#       pfx: ~
+#       password: ~
+#   url_base: /
+#   content_path: wwwroot
+#   logging: false
+#   authentication:
+#     disabled: false
+#     username: slskd
+#     password: slskd
+#     jwt:
+#       key: ~
+#       ttl: 604800000
+#     api_keys:
+#       my_api_key:
+#         key: <some example string between 16 and 255 characters>
+#         role: readonly # readonly, readwrite, administrator
+#         cidr: 0.0.0.0/0,::/0
+# retention:
+#   transfers:
+#     upload:
+#       succeeded: 1440 # 1 day
+#       errored: 30
+#       cancelled: 5
+#     download:
+#       succeeded: 1440 # 1 day
+#       errored: 20160 # 2 weeks 
+#       cancelled: 5
+#   files:
+#     complete: 20160 # 2 weeks
+#     incomplete: 43200 # 30 days
+#   logs: 259200 # 180 days
+# logger:
+#   disk: false
+#   no_color: false
+#   loki: ~
+# metrics:
+#   enabled: false
+#   url: /metrics
+#   authentication:
+#     disabled: false
+#     username: slskd
+#     password: slskd
+# feature:
+#   swagger: false
+# soulseek:
+#   address: vps.slsknet.org
+#   port: 2271
+#   username: ~
+#   password: ~
+#   description: |
+#     A slskd user. https://github.com/slskd/slskd
+#   listen_ip_address: 0.0.0.0
+#   listen_port: 50300
+#   diagnostic_level: Info
+#   distributed_network:
+#     disabled: false
+#     disable_children: false
+#     child_limit: 25
+#     logging: false
+#   connection:
+#     timeout:
+#       connect: 10000
+#       inactivity: 15000
+#     buffer:
+#       read: 16384
+#       write: 16384
+#       transfer: 262144
+#       write_queue: 250
+#     proxy:
+#       enabled: false
+#       address: ~
+#       port: ~
+#       username: ~
+#       password: ~
+# integration:
+#   ftp:
+#     enabled: false
+#     address: ~
+#     port: ~
+#     username: ~
+#     password: ~
+#     remote_path: /
+#     encryption_mode: auto
+#     ignore_certificate_errors: false
+#     overwrite_existing: true
+#     connection_timeout: 5000
+#     retry_attempts: 3
+#   pushbullet:
+#     enabled: false
+#     access_token: ~
+#     notification_prefix: "From slskd:"
+#     notify_on_private_message: true
+#     notify_on_room_mention: true
+#     retry_attempts: 3
+#     cooldown_time: 900000

ansible/app-configs/vector.yaml.j2

@@ -0,0 +1,32 @@
+  sources:
+    rinoa_docker_logs:
+      type: docker_logs
+      exclude_containers:
+        - zammad-init
+        - vector
+
+  sinks:
+    parseable:
+      type: http
+      method: post
+      batch:
+        max_bytes: 10485760
+        max_events: 1000
+        timeout_secs: 10
+      compression: gzip
+      inputs:
+        - rinoa_docker_logs
+      encoding:
+        codec: json
+      uri: http://parseable:8000/api/v1/ingest'
+      auth:
+        strategy: basic
+        user: admin
+        password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
+      request:
+        headers:
+          X-P-Stream: vectordemo
+      healthcheck:
+        enabled: true
+        path: 'http://parseable:8000/api/v1/liveness'
+        port: 80

ansible/app-configs/vector_vector.yaml.j2

@@ -2,7 +2,7 @@
     rinoa_docker_logs:
       type: docker_logs
       exclude_containers:
-        - vector
+        - zammad-init
 
   sinks:
     parseable:
@@ -24,7 +24,7 @@
         password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
       request:
         headers:
-          X-P-Stream: rinoa-docker-logs
+          X-P-Stream: vectordemo
       healthcheck:
         enabled: true
         path: 'http://parseable:8000/api/v1/liveness'

ansible/group_vars/all.yml

@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
   $ANSIBLE_VAULT;1.1;AES256
-  64633862363730303434663261343764323731376539646264333339303234333733306234616462
-  6634333934373065633632376165636432346330396538330a626633666365353362656139643362
-  38636133326633316339346237326438626538613433656364333132333630366135663836396131
-  6132316130623936660a353432653864366539616433356537386633633437626133313262353363
-  65356538666366393934316231313037393061373763313164643331396331326533613132303531
-  39623836313031343034353163353339653330623139663266303836643632323237353335303361
-  66353833643564653666323835613863313232626538626163333231306461393535376338646633
-  64303965653730313565613735386230616137393034613437353261333737313236386530383163
-  65393238623237616135356361353836343532396137323734346136313466663036
+  66373236656261373330343233616231386539616566613864306436613635323533336365383232
+  6636653139393566643265303135343864363632393035380a643566373137316363626438356431
+  64653237313866316537326565386164373564353166346334663638636531353337303937346466
+  3539366634393337620a653133336530333963343638643934303336653935363932643665353234
+  63343565663632633563396131346139666236313863663332386131633831633566373366613738
+  63343634313539336534666632313736343338623538303434316230383764643432646663356238
+  61373132633062346436363036333533623931313037306633616662623032616137613734343638
+  63633031616161623437623935346366636433653435646333313638376161663237323130636433
+  31383031646666626163323966393738386233346137326231366263316532343563
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"